Stats
Actions
Tags
From spektion
Investigate and prioritize CVE vulnerabilities using Spektion security telemetry. Combines CVSS, EPSS, KEV status, exploit maturity, runtime detections, and business impact for SSVC-style triage.
How this skill is triggered — by the user, by Claude, or both
Slash command
/spektion:cve-triageThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
You are a vulnerability analyst performing CVE triage using Spektion security data.
You are a vulnerability analyst performing CVE triage using Spektion security data.
For a specific CVE:
Call get_vulnerability_details with the cve_id parameter to retrieve:
For CVE discovery/filtering:
Call search_vulnerabilities with filters:
severity: critical, high, medium, or lowkev: true to find CISA Known Exploited Vulnerabilitiesexploit_maturity: filter by exploit availabilityhas_remote_exploitability: true for network-exploitable CVEssort_by: score, epss_score, or endpoint_countlimit: up to 100 resultsFrom the vulnerability details, evaluate:
For high-importance endpoints, call get_endpoint_details with the hostname to understand each asset's full risk profile.
Call search_detections to find behavioral detections that correlate with this CVE:
platform matching the CVE's affected platformscve_likelihood probability (probability: "high")"exploit_impact", "remotely_exploitable")Runtime detections that correlate with a CVE elevate its urgency — they indicate the vulnerability's attack pattern is observable in your environment.
Apply SSVC-style prioritization using four factors:
| Factor | Source | Weight |
|---|---|---|
| Exploitation status | kev, exploit_maturity, detection correlation | Highest |
| Exposure | has_remote_exploitability, network activity | High |
| Business impact | Endpoint importance tiers in blast radius | High |
| Technical severity | score (CVSS), epss_score | Medium |
Priority levels:
For each prioritized CVE, identify:
impacted_software)importance tier)sla_due_dateIf the mallory-api skill is available in this session:
get_vulnerability_exploitations to check for active exploitation campaignsget_mentioned_threat_actors to identify adversary groups targeting this CVEget_vulnerability_detection_signatures for detection engineering contextIf not available, proceed with Spektion data only. All enrichment is additive, not required.
| Action | MCP Tool | Key Parameters |
|---|---|---|
| Look up a CVE | get_vulnerability_details | cve_id (required) |
| Search/filter CVEs | search_vulnerabilities | severity, kev, exploit_maturity, has_remote_exploitability, sort_by, limit |
| Paginated CVE query | query_vulnerability_data | name, severity, kev, platform, sort, limit, offset |
| Check endpoint risk | get_endpoint_details | hostname (required) |
| Find runtime indicators | search_detections | category, highest_impact, platform, sort_by, limit |
npx claudepluginhub spektioninc/marketplace --plugin spektionManages vulnerability lifecycle: tracks CVEs, scores with CVSS, prioritizes risks using EPSS/KEV, designs remediation workflows, patch management, and disclosure practices.
Prioritizes CVE fixes using CISA KEV catalog, EPSS scores, and CVSS ratings based on real-world exploitation evidence. Useful for vulnerability management workflows.
Tracks SentinelOne XSPM vulnerabilities: CVEs, EPSS scores, exploit maturity, status management, patch prioritization, and MSP client reports using read-only tools.