Skill

findings

From zeropath

List open ZeroPath issues in this repo (or org). Read-only.

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/zeropath:findings

User invocable

Model invocable

Inline context

Default effort

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

Read-path entrypoint. Inline, no subagent - this is just an MCP call

SKILL.md

71 lines · ~620 tokens

Stats

LanguageJavaScript

Stars0

MaintenanceGood

Last CommitMay 20, 2026

Actions

View Source View Plugin View on GitHub View README

Stats

Actions

/zeropath:findings

Read-path entrypoint. Inline, no subagent - this is just an MCP call and a render.

What you do

Get the repo binding once. One bash call:
```
node "${CLAUDE_PLUGIN_ROOT}/scripts/current-binding.mjs"
```
Branch on the result:
- ok: true → use repositoryIds: ["<repositoryId>"] and organizationId: "<orgId>" in the MCP call. Mention the repo in your reply ("Open findings in <orgName>/<repoUrl>:").
- ok: false, reason: "resolve_failed" → ask in plain chat whether to add the repo to ZeroPath via repositories.addByUrl or list org-wide for now. Don't auto-add.
- Any other failure → fall back to org-wide and tell the user one line ("Can't auto-detect a ZeroPath repo for this directory; listing org-wide.").
Don't probe creds, the CLI, or config in chat - the auto-bootstrap handles all that.
Call issues.list with sensible defaults:
```
{
  "offset": 0,
  "limit": 25,
  "statuses": ["PENDING_REVIEW"],
  "sortBy": "score",
  "sortOrder": "desc"
}
```
Layer on scoreLevels, vulnerabilityClasses, repositoryBranches, searchQuery based on the user's filter.
Render compactly. One row per finding: id | severity | vuln class | repo | file:line | title. Cap output to ~20 rows; surface counts.total and offer to page.
Recognize adjacent intents and route to other MCP tools. Same underlying server exposes more than issues.list. Reach for these when the user's intent points at them:
- "Any dependency vulns?" / "What about lodash?" → sca.list.
- "Any CVEs for X?" → vulnerabilities.search.
- "What endpoints do we expose?" → endpoints.search with the bound repositoryId.
- "How are we doing?" / "Give me a summary" → stats.summary (+ stats.assets).
- "Has this pattern been used elsewhere?" → code.search with the bound organizationId.
Hand off explicit follow-ups. Map specific intents to the right slash command:
- "Explain this one" → /zeropath:explain <id>
- "Investigate this deeper" → /zeropath:investigate <id>
- "Fix this" → /zeropath:fix <id>
- "Triage these" → /zeropath:triage
Never invent fields. If issues.list doesn't return something in its response shape, omit it from the table.

findings

Invocation

Context Preview

SKILL.md

findings

Invocation

Context Preview

SKILL.md

/zeropath:findings

What you do

Similar Skills

/zeropath:findings

What you do

Similar Skills