0x-professor

Cyber Kev Triage

cross-platform ⚠ suspicious
Downloads: 498
Stars: 0
Active Installs: 2
Versions: 1
Install in OpenClaw
/install cyber-kev-triage
Description
Prioritize vulnerability remediation using KEV-style exploitation context plus asset criticality. Use for CVE triage, patch order decisions, and remediation...
README (SKILL.md)

Cyber KEV Triage

Overview

Create a patch-priority plan by combining vulnerability severity, exploitation status, and business criticality of affected assets.

Workflow

  1. Collect vulnerabilities with CVE, CVSS, exploitation indicator, and affected asset.
  2. Map each vulnerability to asset criticality.
  3. Score and rank vulnerabilities into patch priority tiers.
  4. Produce concise remediation summary and due-window guidance.

Use Bundled Resources

  • Run scripts/kev_triage.py for deterministic triage output.
  • Read references/triage-method.md for scoring rationale and review checks.

Guardrails

  • Keep output defensive and remediation-focused.
  • Do not generate exploit payloads or offensive execution steps.
Usage Guidance
This skill looks coherent and runs locally on a provided JSON payload; it does not request keys or make network calls. Before use: (1) review the script yourself (it's short and readable) and run it in a controlled environment, (2) ensure input JSON is from a trusted source (it may contain sensitive asset data), (3) choose safe output paths to avoid overwriting important files, and (4) confirm the scoring thresholds and criticality mappings match your organization's policy. The code has some basic input assumptions (e.g., CVSS parsed as a float); malformed fields may raise errors, so validate inputs first.
Capability Analysis
Type: OpenClaw Skill
Name: cyber-kev-triage
Version: 0.1.0

The `scripts/kev_triage.py` file exhibits potential Local File Inclusion (LFI) and Local File Write (LFW) vulnerabilities. It directly uses user-supplied paths for `--input` and `--output` arguments without explicit sanitization or restriction, allowing the script to read arbitrary files (which it then attempts to parse as JSON) and write processed data to arbitrary locations on the filesystem. While the script's core functionality is benign and there's no evidence of intentional data exfiltration, command execution, or persistence, these vulnerabilities could be exploited by an attacker who can control the arguments passed to the script (e.g., via prompt injection against the OpenClaw agent) to access or modify files beyond the intended scope.
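One way to close the gaps described above (unrestricted `--input`/`--output` paths, unvalidated CVSS fields), as an added example that is not the skill's own `scripts/kev_triage.py`. The function names, the workspace directory and the `cve`/`cvss` field names are assumptions, since the script's source is not shown on this page.

```python
import json
import math
import tempfile
from pathlib import Path


def confine(user_path, workspace):
    """Resolve symlinks and '..', then require the result to stay inside workspace."""
    base = Path(workspace).resolve()
    target = (base / user_path).resolve()  # an absolute user_path replaces base here
    if base not in target.parents:
        raise ValueError(f"path escapes workspace: {user_path}")
    return target


def parse_cvss(value):
    """Accept only a finite CVSS score in [0.0, 10.0]."""
    try:
        score = float(value)
    except (TypeError, ValueError):
        raise ValueError(f"CVSS is not a number: {value!r}") from None
    if isinstance(value, bool) or not math.isfinite(score) or not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS out of range or wrong type: {value!r}")
    return score


def load_findings(input_arg, workspace):
    """Read the JSON payload from inside the workspace and validate every record."""
    with open(confine(input_arg, workspace), encoding="utf-8") as fh:
        records = json.load(fh)
    if not isinstance(records, list) or not all(isinstance(r, dict) for r in records):
        raise ValueError("payload must be a JSON list of objects")
    return [{**r, "cvss": parse_cvss(r.get("cvss"))} for r in records]


def write_report(output_arg, workspace, rows):
    """Open with mode 'x' so an existing file is never overwritten."""
    target = confine(output_arg, workspace)
    with open(target, "x", encoding="utf-8") as fh:
        json.dump(rows, fh, indent=2)
    return target


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as ws:  # constructed sample data
        Path(ws, "in.json").write_text('[{"cve": "CVE-0000-0000", "cvss": "9.8"}]')
        print(write_report("out.json", ws, load_findings("in.json", ws)))
```

The check resolves the path before opening it, so it assumes no other process can swap in a symlink inside the workspace between the two steps.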
Capability Assessment
Purpose & Capability
Name/description (KEV-style triage) matches the provided artifacts: a scoring method, guidance doc, and a Python script that ingests vulnerabilities/assets and produces prioritized output. No unrelated credentials, binaries, or resources are requested.
Instruction Scope
SKILL.md instructs the agent to run the bundled script and read the included triage-method. The script only reads the provided input file, maps assets, computes scores, and writes an output artifact; it does not access other system paths, environment variables, or external endpoints. Guardrails in SKILL.md (no exploit payload generation) align with the code.
Install Mechanism
Instruction-only skill with no install spec. The only executable is a bundled Python script; there are no downloads or external packages installed by the skill.
Credentials
No required environment variables, credentials, or config paths are declared or used. The script accepts an input file path and an output path only, which is proportionate to the triage function.
Persistence & Privilege
The skill is not marked always:true and does not modify other skills or system-wide settings. It runs on demand and does not request elevated persistence.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install cyber-kev-triage
  3. After installation, invoke the skill by name or use /cyber-kev-triage
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
- Initial release of cyber-kev-triage skill.
- Enables vulnerability triage by combining KEV exploitation context with asset criticality.
- Supports automated CVE patch-priority planning and remediation reporting.
- Includes scoring workflow, bundled triage script, and scoring rationale documentation.
- Restricts outputs to defensive, remediation-focused information only.
Metadata
Slug cyber-kev-triage
Version 0.1.0
License
All-time Installs 3
Active Installs 2
Total Versions 1
Frequently Asked Questions

What is Cyber Kev Triage?

Prioritize vulnerability remediation using KEV-style exploitation context plus asset criticality. Use for CVE triage, patch order decisions, and remediation... It is an AI Agent Skill for Claude Code / OpenClaw, with 498 downloads so far.

How do I install Cyber Kev Triage?

Run "/install cyber-kev-triage" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Cyber Kev Triage free?

Yes, Cyber Kev Triage is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Cyber Kev Triage support?

Cyber Kev Triage is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Cyber Kev Triage?

It is built and maintained by Muhammad Mazhar Saeed (@0x-professor); the current version is v0.1.0.
