From node-cve
Query and deduplicate open CVE vulnerability issues from OCPBUGS for Node team components
How this skill is triggered — by the user, by Claude, or both
Slash command
/node-cve:query-open-cvesThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Use this skill when Phase 1 of the `node-cve:triage` command needs to fetch all open CVE trackers from Jira and deduplicate them into a list of unique CVEs.
Use this skill when Phase 1 of the node-cve:triage command needs to fetch all open CVE trackers from Jira and deduplicate them into a list of unique CVEs.
jira CLI configured with valid credentialsJIRA_API_TOKENRead the CVE-tracked component list from the node-team shared components reference. Use the full "Jira Components (OCPBUGS)" list plus the additional CVE triage components (Driver Toolkit, Machine Config Operator).
If --component was specified, use only that component instead of the full list.
The Jira saved filter "Node Components" (ID 91645) does not include Driver Toolkit and Machine Config Operator, so the explicit list from the shared reference is used for CVE queries to ensure completeness.
Build and execute the JQL query:
jira issue list -q "project = OCPBUGS AND type = Vulnerability AND component in (<components from shared reference>) AND status not in (Closed, Done, Verified)" --plain --no-headers --columns KEY,SUMMARY,COMPONENT,STATUS,ASSIGNEE,LABELS
If --days N was specified, add AND updated >= -${N}d to the JQL.
Handle pagination: the jira CLI returns up to 100 results by default (format: --paginate <from>:<limit>). If the result count equals 100, paginate by re-running with --paginate 100:100, --paginate 200:100, etc. until fewer than 100 results are returned.
For each row in the output:
OCPBUGS-85948)CVE-[0-9]{4}-[0-9]+\[openshift-([^\]]+)\]pscomponent:* labels for Phase 2 repo mapping)Group all tracker issues by CVE ID. For each unique CVE, build a record:
{
"cve_id": "CVE-2026-32281",
"summary": "Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"components": ["Node / CRI-O"],
"status": "New",
"assignee": "ocp-sustaining-blocked-trackers",
"tracker_keys": ["OCPBUGS-85948", "OCPBUGS-85932", "OCPBUGS-85914", "..."],
"affected_versions": ["4.12.z", "4.13.z", "4.14.z", "4.15.z", "4.16.z", "4.17", "4.18", "4.19"],
"labels": ["pscomponent:cri-o", "SecurityTracking"]
}
A single CVE may span multiple components (e.g., both "Node / CRI-O" and "Machine Config Operator"), so components is an array collecting all distinct component values across tracker issues for that CVE.
Use the highest version tracker for the "primary" assignee and status (issues on newer versions are typically more actively managed).
Flag CVEs where:
{
"skill": "query-open-cves",
"status": "success",
"total_trackers": 45,
"unique_cves": 6,
"cves": [
{
"cve_id": "CVE-2026-32281",
"summary": "...",
"components": ["Node / CRI-O"],
"status": "New",
"assignee": "ocp-sustaining-blocked-trackers",
"is_unassigned": true,
"tracker_keys": ["OCPBUGS-85948", "..."],
"affected_versions": ["4.12.z", "..."],
"labels": ["pscomponent:cri-o"]
}
]
}
jira CLI returns an error, print the error and exit. Common causes: expired API token, network issues, invalid JQL.Guides collaborative design exploration before implementation: explores context, asks clarifying questions, proposes approaches, and writes a design doc for user approval.
Creates structured, bite-sized implementation plans from specs or requirements before writing code. Useful for breaking down multi-step tasks into testable steps with file structure and task boundaries.
Synthesizes the current conversation into a structured spec (PRD) and publishes it to the project issue tracker with a ready-for-agent label, without interviewing the user.
npx claudepluginhub cblecker/ai-helpers --plugin node-cve