← Back to Skills Marketplace
martc03

Government Cybersecurity Vulnerability Intel

by Martin · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
587
Downloads
0
Stars
3
Active Installs
1
Versions
Install in OpenClaw
/install gov-cybersecurity
Description
CVE vulnerability lookup via NIST NVD, CISA KEV, EPSS scores, and MITRE ATT&CK. 7 tools for real-time cybersecurity intelligence.
README (SKILL.md)

Government Cybersecurity Vulnerability Intel

Real-time vulnerability intelligence from 4 authoritative sources — no API keys required.

Setup

Connect to the remote MCP server:

mcporter add gov-cyber --url https://cybersecurity-vuln-mcp.apify.actor/mcp --transport streamable-http

Or add directly to your OpenClaw MCP config (~/.openclaw/mcp.json):

{
  "servers": {
    "gov-cyber": {
      "url": "https://cybersecurity-vuln-mcp.apify.actor/mcp",
      "transport": "streamable-http"
    }
  }
}

Available Tools

vuln_lookup_cve

Look up a CVE by ID and get enriched intelligence from all 4 sources in a single call — NVD details (CVSS score, description, references), CISA KEV active exploitation status, EPSS exploitation probability, and MITRE ATT&CK techniques.

Look up CVE-2021-44228

Example output: CRITICAL 10.0, EPSS 94.4%, KEV=YES, ATT&CK: T1190/T1203/T1595.002

vuln_search

Search the NIST National Vulnerability Database by keyword, severity, and date range.

Search NVD for "apache log4j" critical vulnerabilities

Parameters: keyword, severity (LOW/MEDIUM/HIGH/CRITICAL), pubStartDate, pubEndDate, limit

vuln_kev_latest

Get recently added entries from the CISA Known Exploited Vulnerabilities catalog — confirmed actively exploited in the wild.

Show KEV entries added in the last 7 days

Parameters: days (1-365, default 7), limit

vuln_kev_due_soon

Get CISA KEV vulnerabilities with upcoming remediation deadlines. Federal agencies must patch by the due date.

Show KEV vulnerabilities due within 14 days

Parameters: days (1-90, default 14), limit

vuln_epss_top

Get CVEs with the highest EPSS exploitation probability scores. A score of 0.9 = 90% chance of exploitation in the next 30 days.

Show CVEs with EPSS score above 0.9

Parameters: threshold (0-1, default 0.5), limit

vuln_trending

Get recently published critical and high severity CVEs. Stay on top of emerging threats.

Show trending critical CVEs from the last 3 days

Parameters: days (1-30, default 3), severity, limit

vuln_by_vendor

Search CVEs for a specific vendor/product with KEV cross-referencing for actively exploited vulns.

Show Microsoft Windows vulnerabilities

Parameters: vendor (required), product (optional), limit

Data Sources

  • NIST NVD 2.0 — National Vulnerability Database (CVE details, CVSS scores)
  • CISA KEV — Known Exploited Vulnerabilities catalog
  • FIRST.org EPSS — Exploitation Prediction Scoring System
  • MITRE ATT&CK — Adversary techniques and tactics (172 CVEs mapped to 42 techniques)

Use Cases

  • Vulnerability triage and prioritization
  • Compliance tracking (CISA KEV deadlines)
  • Vendor risk assessments
  • Threat intelligence briefings
  • Patch management decisions

All data from free US government APIs. Zero cost. No API keys required.

Usage Guidance
This skill is essentially a connector: it asks you to add a third‑party MCP server (https://cybersecurity-vuln-mcp.apify.actor/mcp) so the agent can fetch aggregated CVE data. Before installing: 1) Verify the operator and repository (the homepage points to a GitHub repo) and confirm the server actually proxies only government APIs as claimed. 2) Verify the provenance of the 'mcporter' binary you must have — prefer obtaining it from an official source. 3) Be aware that adding the server entry to ~/.openclaw/mcp.json is persistent and gives that server the ability to provide tools/responses to your agent; avoid adding servers you don't fully trust. 4) If in doubt, run queries in a sandboxed environment or request a self-hostable manifest so you can host the aggregator yourself. The main red flags are (a) the implicit trust in a remote, third‑party server and (b) the metadata omission about modifying ~/.openclaw/mcp.json — ask the maintainer for clarification or a self-host option if you need stronger assurance.
Capability Analysis
Type: OpenClaw Skill Name: gov-cybersecurity Version: 1.0.0 The skill bundle itself does not contain direct malicious code or prompt injection attempts. However, it is entirely dependent on an opaque, remote service hosted on `apify.actor` (`https://cybersecurity-vuln-mcp.apify.actor/mcp`), which is configured via the `mcporter add` command in `SKILL.md`. This introduces a significant supply chain risk, as the actual logic and behavior of the skill are controlled by an unverified external endpoint and cannot be audited from the provided files.
Capability Assessment
Purpose & Capability
The name/description (CVE lookups from NVD, CISA, EPSS, MITRE) match the runtime instructions: the skill connects your agent to a remote MCP server that presumably aggregates those sources. However the description does not clearly state that it requires adding a third‑party MCP server (hosted at an apify.actor domain), which is an important trust decision for users.
Instruction Scope
Runtime instructions explicitly tell the user/agent to add a remote MCP server (mcporter add ... or editing ~/.openclaw/mcp.json). The SKILL.md instructs adding/persisting an external server entry, which expands what the agent can call. The metadata declared no required config paths, yet the instructions reference modifying ~/.openclaw/mcp.json — an inconsistency.
Install Mechanism
There is no install spec and no code files; the skill is instruction-only. The only runtime requirement is the 'mcporter' binary, which is reasonable given the instructions.
Credentials
No environment variables or credentials are requested. Requiring the mcporter binary is proportionate to the described operation. No unrelated secrets or services are requested.
Persistence & Privilege
Although 'always' is false, the instructions tell the user to add a persistent remote MCP server entry (via mcporter or by editing ~/.openclaw/mcp.json). That persisted server can expand agent capabilities and route future tool calls through a third party — a meaningful privilege/attack surface increase that requires trusting the server operator.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install gov-cybersecurity
  3. After installation, invoke the skill by name or use /gov-cybersecurity
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of gov-cybersecurity skill. - Provides real-time CVE vulnerability lookup and intelligence from NIST NVD, CISA KEV, EPSS, and MITRE ATT&CK. - Includes 7 tools for searching, trending, and enriched vulnerability data. - No API keys required; uses only free US government data sources. - Supports use cases like compliance tracking, risk assessment, and patch management. - Simple setup with `mcporter` and OpenClaw MCP integration. - Useful for cybersecurity professionals needing authoritative vulnerability info.
Metadata
Slug gov-cybersecurity
Version 1.0.0
License
All-time Installs 3
Active Installs 3
Total Versions 1
Frequently Asked Questions

What is Government Cybersecurity Vulnerability Intel?

CVE vulnerability lookup via NIST NVD, CISA KEV, EPSS scores, and MITRE ATT&CK. 7 tools for real-time cybersecurity intelligence. It is an AI Agent Skill for Claude Code / OpenClaw, with 587 downloads so far.

How do I install Government Cybersecurity Vulnerability Intel?

Run "/install gov-cybersecurity" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Government Cybersecurity Vulnerability Intel free?

Yes, Government Cybersecurity Vulnerability Intel is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Government Cybersecurity Vulnerability Intel support?

Government Cybersecurity Vulnerability Intel is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Government Cybersecurity Vulnerability Intel?

It is built and maintained by Martin (@martc03); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments