From agentic-security
Explains CVEs, GHSAs, and security findings in plain English with fix suggestions. Activates on CVE IDs or vulnerability questions.
npx claudepluginhub clear-capabilities/agentic-security --plugin agentic-security

How this skill is triggered (by the user, by Claude, or both): slash command
/agentic-security:security-explain-cve

The summary Claude sees in its skill listing (used to decide when to auto-load this skill):
Activates automatically when the user references a vulnerability by ID
Researches a CVE or vulnerability disclosure end-to-end: affected versions, reachability in your code, public PoC availability, patch status, exposure window, and mitigation guidance. Use for CVE, zero-day, EPSS, or patch triage.
Walks a security finding Socratically, guiding developers through source-to-sink analysis and missing sanitizers. Activates on 'explain finding', 'why is X dangerous', or a finding-id reference.
Guides setting up vulnerability disclosure programs, responding to researcher reports, reporting third-party vulns, writing security advisories, requesting CVEs, and evaluating bug bounties.
Activates automatically when the user references a vulnerability by ID
(CVE-2024-1234, GHSA-jf85-cpcp-j695) or asks for an explanation of a
specific finding. Don't wait for them to type /triage --explain. It also
activates when the user pastes a scan finding (for example
[critical] CWE-89 SQL Injection at api/users.ts:42) and asks for context.

Look it up locally first. Call MCP lookup_cve({ cve: "CVE-…" }); it
returns the cached OSV / KEV / EPSS data together with a staleness tier.
If the record is there, lead with the cached snapshot (vendor + product +
date added + KEV status). No network call is needed. If the staleness
tier says the cached data is old, say so alongside the snapshot rather
than presenting it as current.
Then read the relevant explainer. If the user has a scan in
.agentic-security/last-scan.json and the CVE matches a finding,
pull the finding's description, remediation, and whyFired
evidence — call MCP explain_finding({ finding_id }). If they
don't have a scan yet, fall back to the generic CWE explainer.
Render the explanation in plain English. Four parts:
/fix --rotate-secret).

Offer the narrative shape if the user is non-technical. Suggest
/triage --explain --narrative for the four-act attack story when the
audience is a builder or a PM, not a security engineer.
If lookup_cve returns present: false, say "I don't have current data on
this CVE — the local OSV cache doesn't have it" and offer to run
/scan --all, which populates the cache.

If the user wants the explanation as a one-shot CLI output:
/triage --explain <finding-id-or-CWE-or-vuln-name> (or
/triage --explain --narrative for the attack-story shape).
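The lookup order above (trigger on a CVE/GHSA ID, hit the local cache first, enrich from the last scan if a finding matches, otherwise fall back to the generic CWE explainer, and say so plainly when the cache has nothing) as a runnable model. This is an added example, not code from the agentic-security plugin: the MCP tools lookup_cve and explain_finding are replaced by constructed stand-ins, and their response fields (present, vendor, product, kev, staleness, cwe), the last-scan.json layout, the finding ID F-001 and all sample data are assumptions made here.

```javascript
// Added example, not the plugin's own code. lookup_cve / explain_finding are
// stand-ins; their field names, the last-scan.json shape and the sample data
// are constructed for this illustration.

// Trigger detection: CVE-YYYY-NNNN (4+ digits) and GHSA-xxxx-xxxx-xxxx, whose
// body uses the alphabet 23456789cfghjmpqrvwx. Case-insensitive on purpose:
// users paste IDs in any case.
const VULN_ID_RE = /\b(CVE-\d{4}-\d{4,}|GHSA(?:-[23456789cfghjmpqrvwx]{4}){3})\b/i;

function extractVulnId(text) {
  const m = VULN_ID_RE.exec(text);
  if (!m) return null;
  const id = m[1];
  // Canonical forms: CVE IDs fully upper case, GHSA prefix upper and body lower.
  return id.toUpperCase().startsWith('CVE-')
    ? id.toUpperCase()
    : 'GHSA' + id.slice(4).toLowerCase();
}

// Constructed stand-in for the local OSV / KEV / EPSS cache behind lookup_cve.
const OSV_CACHE = {
  'CVE-2024-1234': {
    present: true, vendor: 'ExampleCorp', product: 'widget-server', cwe: 'CWE-89',
    kev: { listed: true, dateAdded: '2024-03-01' }, epss: 0.42, staleness: 'fresh',
  },
  'CVE-2023-9999': {
    present: true, vendor: 'ExampleCorp', product: 'legacy-agent', cwe: 'CWE-78',
    kev: { listed: false, dateAdded: null }, epss: 0.03, staleness: 'stale',
  },
};
// `cve` has already passed VULN_ID_RE, so a plain property lookup is safe here.
function lookupCve({ cve }) { return OSV_CACHE[cve] ?? { present: false }; }

// Constructed stand-in for .agentic-security/last-scan.json (finding ID is made up).
const LAST_SCAN = {
  findings: [{
    id: 'F-001', severity: 'critical', cwe: 'CWE-89', title: 'SQL Injection',
    location: 'api/users.ts:42', cve: 'CVE-2024-1234',
    description: 'A user-supplied id is concatenated into a query string.',
    remediation: 'Use a parameterised query instead of string concatenation.',
    whyFired: ['req.query.id flows to db.query() with no sanitizer on the path'],
  }],
};
function explainFinding({ finding_id }) {
  const f = LAST_SCAN.findings.find((x) => x.id === finding_id);
  return f ? { description: f.description, remediation: f.remediation, whyFired: f.whyFired } : null;
}

// Constructed generic explainers for the no-scan fallback.
const CWE_EXPLAINERS = {
  'CWE-89': 'Untrusted input is used to build a database query, so an attacker can change what the query does.',
  'CWE-78': 'Untrusted input reaches a shell command, so an attacker can run arbitrary commands.',
};

// Returns the structured result plus the plain-English text that would be rendered.
function explainVuln(message, { cache = lookupCve, scan = LAST_SCAN } = {}) {
  const id = extractVulnId(message);
  if (!id) return { triggered: false };

  const rec = cache({ cve: id });
  if (!rec.present) {
    return {
      triggered: true, id, present: false,
      text: `I don't have current data on ${id}: the local OSV cache doesn't have it. Run /scan --all to populate the cache.`,
    };
  }

  // Lead with the cached snapshot: vendor + product + date added + KEV status.
  const lines = [
    `${id}: ${rec.vendor} ${rec.product}. ` +
      (rec.kev.listed ? `On the CISA KEV list (added ${rec.kev.dateAdded}).` : 'Not on the CISA KEV list.'),
  ];
  const stale = rec.staleness !== 'fresh';
  if (stale) lines.push(`Cached data is ${rec.staleness}; refresh before relying on it.`);

  // Prefer the scan finding's own evidence; otherwise the generic CWE explainer.
  const finding = (scan?.findings ?? []).find((f) => f.cve === id);
  let source;
  if (finding) {
    source = 'finding';
    const d = explainFinding({ finding_id: finding.id });
    lines.push(`In your code: ${finding.cwe} ${finding.title} at ${finding.location}. ${d.description}`);
    lines.push(`Why it fired: ${d.whyFired.join('; ')}`);
    lines.push(`Fix: ${d.remediation}`);
  } else {
    source = 'cwe';
    lines.push(`Generic explanation (${rec.cwe}): ${CWE_EXPLAINERS[rec.cwe] ?? 'no explainer available'}`);
  }
  return { triggered: true, id, present: true, source, stale, text: lines.join('\n') };
}

console.log(explainVuln('Why is CVE-2024-1234 bad?').text);
```

Swapping the two stand-ins for the real MCP calls leaves the ordering intact; the point of the example is that the "not in cache" answer and the stale-tier caveat are decided before any explainer text is assembled, so the skill never dresses up absent or old data as a current snapshot.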