From find-cve-agent
Mines GitHub Security Advisories and NVD CVE databases for incomplete fixes, identifying variant vulnerabilities in patched code and similar patterns in related packages. Useful for high-acceptance-rate security findings.
Slash command
/find-cve-agent:advisory-mining
Looking for high-acceptance-rate findings. Incomplete fix variants have ~95% acceptance rate because:
```bash
# GitHub Advisory API -- recent npm advisories
# securityAdvisories takes no ecosystem argument, so the NPM filter sits on the
# vulnerabilities connection; advisories with no npm package return an empty list there.
gh api graphql -f query='
{
  securityAdvisories(first: 20, orderBy: {field: PUBLISHED_AT, direction: DESC}) {
    nodes {
      ghsaId
      summary
      severity
      publishedAt
      vulnerabilities(first: 5, ecosystem: NPM) {
        nodes {
          package { name ecosystem }
          vulnerableVersionRange
          firstPatchedVersion { identifier }
        }
      }
    }
  }
}'

# Search by keyword
gh api "/advisories?ecosystem=npm&keyword=injection&per_page=20"
gh api "/advisories?ecosystem=pip&keyword=traversal&per_page=20"
```
For each advisory:
```bash
# Find security-related commits
git log --oneline --all | grep -i "security\|fix\|vuln\|CVE\|patch\|sanitize"

# Read the patch
git show <commit_hash>
git diff <before_commit>..<fix_commit>
```
Common incomplete fixes:
| What Was Fixed | What Was Missed |
|---|---|
| `../` blocked | `..\` not blocked (Windows) |
| `__proto__` filtered | `constructor.prototype` not filtered |
| One regex fixed | Similar regex in same file not fixed |
| One function fixed | Wrapper function calls it differently |
| Parsing fixed | Serialization has same bug |
| Validation added | Can be bypassed with encoding |
| One entry point fixed | Other entry points not covered |
| Input sanitized | Error messages leak unsanitized data |
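
A fix-completeness check for the path traversal and encoding rows of the table, as an added example that is not code from this skill or from any advisory. The validators, function names and inputs are constructed for illustration, and it assumes the file name is percent-decoded somewhere downstream of the check.

```javascript
// "Before": the fix as shipped, rejecting only the POSIX traversal form.
function incompleteFix(name) {
  return !name.includes('../');
}

// Hardened: decode once (assumption: the consumer decodes too), treat both
// separators alike, then walk the segments and reject absolute paths or
// anything that climbs above the root.
function hardenedFix(name) {
  let decoded;
  try {
    decoded = decodeURIComponent(name);
  } catch {
    return false; // malformed percent-encoding
  }
  if (decoded.includes('\0')) return false;
  const unified = decoded.replace(/\\/g, '/');
  if (unified.startsWith('/') || /^[A-Za-z]:/.test(unified)) return false;
  let depth = 0;
  for (const seg of unified.split('/')) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') {
      if (--depth < 0) return false;
    } else {
      depth++;
    }
  }
  return true;
}

// Constructed regression inputs, one per table row being exercised.
const VARIANTS = [
  { row: 'posix dot-dot', input: '../secret.txt', mustReject: true },
  { row: 'windows backslash', input: '..\\secret.txt', mustReject: true },
  { row: 'percent-encoded', input: '%2e%2e%2fsecret.txt', mustReject: true },
  { row: 'benign control', input: 'docs/readme.txt', mustReject: false },
];

// Returns the rows where the validator's verdict differs from the expectation.
// A validator returns true to accept, so a gap is accept === mustReject.
function fixGaps(validator) {
  return VARIANTS
    .filter((v) => validator(v.input) === v.mustReject)
    .map((v) => v.row);
}

console.log('incomplete fix misses:', fixGaps(incompleteFix));
console.log('hardened fix misses:', fixGaps(hardenedFix));
```

Adding each confirmed variant to a list like `VARIANTS` in the package's test suite keeps the gap from reopening in a later refactor.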
If the vulnerability is in a common pattern (e.g., path.join without validation), search for it in similar packages:
```bash
# Use grep.app to find same pattern across repos
# See cross-pollination skill for details
```
Apply the fp-check skill to verify the variant is real before submitting.
```bash
# Search NVD for CVEs by keyword
curl "https://services.nvd.nist.gov/rest/json/cves/2.0?keywordSearch=xml+parser+javascript"

# Search by CPE
curl "https://services.nvd.nist.gov/rest/json/cves/2.0?cpeName=cpe:2.3:a:vendor:product:*"
```
Variant findings typically get:
npx claudepluginhub byamb4/find-cve-agent

Multiplies security findings by extracting vulnerable patterns from confirmed issues and searching similar packages via grep.app regex in JS/TS/Python files.
Finds similar vulnerabilities and bugs across codebases using pattern-based analysis. Guides iterative generalization from known bugs to broader patterns with CodeQL/Semgrep.
Researches a CVE or vulnerability disclosure end-to-end: affected versions, reachability in your code, public PoC availability, patch status, exposure window, and mitigation guidance. Use for CVE, zero-day, EPSS, or patch triage.