agent-bom vulnerability intel

intent

use this skill to answer vulnerability-intelligence questions through agent-bom's existing scanners and canonical evidence model. route all cve lookups, advisory enrichment, exploitability context, fix-version queries, and package-triage requests through agent-bom rather than building one-off osv, ghsa, nvd, epss, or kev clients. this keeps advisory provenance, aliases, severity gates, cache behavior, redaction, and output schemas consistent across the session.

inputs

required

• python 3.11 or higher installed on the operator's system
• agent-bom binary installed from pypi or the clawhub repository (https://pypi.org/project/agent-bom/)

optional (increases rate limits and coverage)

• NVD_API_KEY: nist nvd api token, stored in operator environment only, never logged or echoed
• GITHUB_TOKEN: github api token, stored in operator environment only, never logged or echoed

data inputs, user-provided

• package name and version (ecosystem: pypi, npm, maven, golang, nuget, cargo, etc.)
• sbom file in cyclonedx or spdx json/xml format
• operator-provided inventory json with canonical package identifiers
• local agent configuration paths (ask before scanning)

external advisory apis (no auth required for public lookups)

• osv database (https://api.osv.dev/v1): package vulnerability lookup
• github security advisories (https://api.github.com/advisories): ghsa and ecosystem-specific advisories, optional token only raises rate limits
• nist nvd (https://services.nvd.nist.gov/rest/json/cves/2.0): cvss, cwe, publication metadata enrichment
• first epss (https://api.first.org/data/v1/epss): exploit probability enrichment
• cisa kev (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json): known actively exploited vulnerabilities enrichment

procedure

1. identify the user's question and select the minimal mode that answers it (see decision points below). do not default to broad scanning.

2. if the user asks about data boundaries first (e.g., "what leaves my environment?"), explain before executing: "this lookup sends package identifiers (name, version, ecosystem/purl) and cve ids to public advisory databases. it does not send source code, raw configs, secrets, env values, credentials, or full scan reports. use offline-review mode if private package names are sensitive."

3. for single-package lookup mode, execute:

   agent-bom check <package-name>==<version> --ecosystem <ecosystem>
   

   example: agent-bom check flask==2.0.0 --ecosystem pypi. output: cve/ghsa/pysec aliases, severity, fix versions, epss, kev status, and advisory source.

4. for sbom or inventory scan mode, accept the operator-provided file path and execute:

   agent-bom agents --inventory <path-to-inventory.json> --format json --output <operator-selected-path>
   

   the inventory must contain canonical package identifiers. do not ingest raw lockfiles or config files directly; extract identifiers first.

5. for pr-gate or export mode, use sarif output only if the user explicitly requests github code-scanning or appsec integration:

   agent-bom agents --inventory <path> --format sarif --output agent-bom.sarif
   

   keep json for local analysis and audit trails.

6. for offline or cache-approved mode, check operator environment for local vulnerability databases and run with cache constraints:

   agent-bom check --offline-only <package-name>==<version> --ecosystem <ecosystem>
   

   output: clearly state that coverage depends on locally available data and is not equivalent to a fresh osv/ghsa/nvd lookup.

7. enrich output with provenance: when results arrive, display cve/ghsa/pysec aliases together, include severity source (osv, ghsa, nvd), fix versions, epss scores, kev status, cwe identifiers, and advisory source chain.

8. handle empty or incomplete results: distinguish "no vulnerabilities found after advisory lookup" from "insufficient version data to evaluate." flag unresolvable versions as coverage gaps, not clean results.

9. write exported output only to operator-selected paths. do not persist credentials, credential-bearing urls, env values, or secrets in any exported file.

decision points

if the user asks "what data leaves my environment?"

• output the data-boundary explanation (see procedure step 2) before making any advisory call.

if the user names a single package and version

• use check-package mode (procedure step 3). do not scan the entire local filesystem.

if the user provides an sbom, inventory, or local agent scan

• use scan-local mode (procedure step 4). extract package identifiers first; do not send raw source, lockfiles, or config contents to advisory providers.

if the user's package name suggests a private or internal registry (e.g., "my-org-internal-lib")

• ask permission before querying public advisory databases. offer explain-only mode to show what would be sent.

if the user requests pr-gate, github code-scanning, or appsec integration

• use export mode with sarif output (procedure step 5). do not export sarif unless explicitly requested.

if external advisory lookups are forbidden or the operator declares a private environment

• use offline-review mode (procedure step 6). clearly state reduced coverage and do not claim equivalence to live osv/ghsa/nvd queries.

if nvd_api_key or github_token are present in the operator environment

• use them to increase rate limits, but never log, echo, paste, or display their values in output, logs, or prompts.

if a package version cannot be resolved or is not found in any advisory database

• report as a coverage gap, not a clean result. recommend broader ecosystem scanning or manual triage.

if rate limits are hit (429 http status)

• back off and explain to the user that advisory providers have throttled the request. suggest retrying after a delay or providing api tokens to increase limits.

if network timeout or transient failure occurs

• retry up to 2 times with exponential backoff (1 second, then 3 seconds). if the failure persists, report advisory api availability as degraded and offer offline mode.

output contract

success output is a structured advisory report containing

• package identifier (name, version, ecosystem, purl)
• cve/ghsa/pysec identifiers with aliases grouped together
• severity (cvss v3.1 or v2.0 base score, source: osv, ghsa, or nvd)
• epss percentile and exploit probability (from first epss api)
• kev status (in cisa kev? yes/no, date added if yes)
• cwe identifiers and description
• advisory source chain (osv, ghsa, nvd, or local cache)
• fix version or remediation guidance
• json or sarif output written only to the operator-selected file path

output must not contain

• env variable values, api tokens, or credentials
• credential-bearing urls or api endpoints with auth parameters
• source code, raw lockfiles, config contents, or scan reports
• unlabelled or collapsed severity (preserve osv, ghsa, nvd, epss, and kev as distinct sources)

format options

• --format json: structured advisory data for audit, local analysis, and integration. default.
• --format sarif: github code-scanning and pr-gate integration only when requested.
• --format text: human-readable summary (use only for cli output, not persistence).

outcome signal

the skill worked when

• the user receives a complete advisory report with cve/ghsa identifiers, severity, fix versions, epss, and kev status for the package(s) they asked about.
• the user can distinguish between "no vulnerabilities found" and "insufficient version data to evaluate" (coverage gaps are flagged).
• exported reports (json or sarif) are written to the operator-selected path without credentials, secrets, or full scan artifacts.
• if offline mode was used, the output clearly states that coverage depends on local cache and is not equivalent to a live external lookup.
• if the user asked about data boundaries, they receive a clear explanation of what package identifiers are sent to advisory apis before any lookup occurs.
• rate limits, network failures, and unresolvable versions are reported honestly, not hidden or reframed as clean results.

credits: original author msaad00 (https://github.com/msaad00/agent-bom). enriched for implexa quality standards.