ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Cyber Kev Triage

v0.1.0

Prioritize vulnerability remediation using KEV-style exploitation context plus asset criticality. Use for CVE triage, patch order decisions, and remediation...

0· 436·2 current·3 all-time
byMuhammad Mazhar Saeed@0x-professor
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (KEV-style triage) matches the provided artifacts: a scoring method, guidance doc, and a Python script that ingests vulnerabilities/assets and produces prioritized output. No unrelated credentials, binaries, or resources are requested.
Instruction Scope
SKILL.md instructs the agent to run the bundled script and read the included triage-method. The script only reads the provided input file, maps assets, computes scores, and writes an output artifact; it does not access other system paths, environment variables, or external endpoints. Guardrails in SKILL.md (no exploit payload generation) align with the code.
Install Mechanism
Instruction-only skill with no install spec. The only executable is a bundled Python script; there are no downloads or external packages installed by the skill.
Credentials
No required environment variables, credentials, or config paths are declared or used. The script accepts an input file path and an output path only, which is proportionate to the triage function.
Persistence & Privilege
The skill is not marked always:true and does not modify other skills or system-wide settings. It runs on demand and does not request elevated persistence.
Assessment
This skill looks coherent and runs locally on a provided JSON payload; it does not request keys or make network calls. Before use: (1) review the script yourself (it's short and readable) and run it in a controlled environment, (2) ensure input JSON is from a trusted source (it may contain sensitive asset data), (3) choose safe output paths to avoid overwriting important files, and (4) confirm the scoring thresholds and criticality mappings match your organization's policy. The code has some basic input assumptions (e.g., CVSS parsed as a float); malformed fields may raise errors, so validate inputs first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c7jxsw92s60yx75fa0ctc5h81w6da
436downloads
0stars
1versions
Updated 18h ago
v0.1.0
MIT-0
Muhammad Mazhar Saeed@0x-professor
latest
Download

Cyber KEV Triage

Overview

Create a patch-priority plan by combining vulnerability severity, exploitation status, and business criticality of affected assets.

Workflow

  1. Collect vulnerabilities with CVE, CVSS, exploitation indicator, and affected asset.
  2. Map each vulnerability to asset criticality.
  3. Score and rank vulnerabilities into patch priority tiers.
  4. Produce concise remediation summary and due-window guidance.

Use Bundled Resources

  • Run scripts/kev_triage.py for deterministic triage output.
  • Read references/triage-method.md for scoring rationale and review checks.

Guardrails

  • Keep output defensive and remediation-focused.
  • Do not generate exploit payloads or offensive execution steps.

Comments

Loading comments...