martc03

Government Cybersecurity Vulnerability Intel

Author: Martin · GitHub · v1.0.0
cross-platform ⚠ suspicious
Total downloads: 587
Favorites: 0
Current installs: 3
Versions: 1
Install in OpenClaw
/install gov-cybersecurity
Description
CVE vulnerability lookup via NIST NVD, CISA KEV, EPSS scores, and MITRE ATT&CK. 7 tools for real-time cybersecurity intelligence.
Usage (SKILL.md)

Government Cybersecurity Vulnerability Intel

Real-time vulnerability intelligence from 4 authoritative sources — no API keys required.

Setup

Connect to the remote MCP server:

mcporter add gov-cyber --url https://cybersecurity-vuln-mcp.apify.actor/mcp --transport streamable-http

Or add directly to your OpenClaw MCP config (~/.openclaw/mcp.json):

{
  "servers": {
    "gov-cyber": {
      "url": "https://cybersecurity-vuln-mcp.apify.actor/mcp",
      "transport": "streamable-http"
    }
  }
}

Available Tools

vuln_lookup_cve

Look up a CVE by ID and get enriched intelligence from all 4 sources in a single call — NVD details (CVSS score, description, references), CISA KEV active exploitation status, EPSS exploitation probability, and MITRE ATT&CK techniques.

Look up CVE-2021-44228

Example output: CRITICAL 10.0, EPSS 94.4%, KEV=YES, ATT&CK: T1190/T1203/T1595.002

vuln_search

Search the NIST National Vulnerability Database by keyword, severity, and date range.

Search NVD for "apache log4j" critical vulnerabilities

Parameters: keyword, severity (LOW/MEDIUM/HIGH/CRITICAL), pubStartDate, pubEndDate, limit

vuln_kev_latest

Get recently added entries from the CISA Known Exploited Vulnerabilities catalog — confirmed actively exploited in the wild.

Show KEV entries added in the last 7 days

Parameters: days (1-365, default 7), limit

vuln_kev_due_soon

Get CISA KEV vulnerabilities with upcoming remediation deadlines. Federal agencies must patch by the due date.

Show KEV vulnerabilities due within 14 days

Parameters: days (1-90, default 14), limit

vuln_epss_top

Get CVEs with the highest EPSS exploitation probability scores. A score of 0.9 = 90% chance of exploitation in the next 30 days.

Show CVEs with EPSS score above 0.9

Parameters: threshold (0-1, default 0.5), limit

vuln_trending

Get recently published critical and high severity CVEs. Stay on top of emerging threats.

Show trending critical CVEs from the last 3 days

Parameters: days (1-30, default 3), severity, limit

vuln_by_vendor

Search CVEs for a specific vendor/product with KEV cross-referencing for actively exploited vulns.

Show Microsoft Windows vulnerabilities

Parameters: vendor (required), product (optional), limit

Data Sources

  • NIST NVD 2.0 — National Vulnerability Database (CVE details, CVSS scores)
  • CISA KEV — Known Exploited Vulnerabilities catalog
  • FIRST.org EPSS — Exploitation Prediction Scoring System
  • MITRE ATT&CK — Adversary techniques and tactics (172 CVEs mapped to 42 techniques)

Use Cases

  • Vulnerability triage and prioritization
  • Compliance tracking (CISA KEV deadlines)
  • Vendor risk assessments
  • Threat intelligence briefings
  • Patch management decisions

All data from free US government APIs. Zero cost. No API keys required.

Security usage recommendations
This skill is essentially a connector: it asks you to add a third‑party MCP server (https://cybersecurity-vuln-mcp.apify.actor/mcp) so the agent can fetch aggregated CVE data. Before installing:
  1. Verify the operator and repository (the homepage points to a GitHub repo) and confirm the server actually proxies only government APIs as claimed.
  2. Verify the provenance of the 'mcporter' binary you must have; prefer obtaining it from an official source.
  3. Be aware that adding the server entry to ~/.openclaw/mcp.json is persistent and gives that server the ability to provide tools/responses to your agent; avoid adding servers you don't fully trust.
  4. If in doubt, run queries in a sandboxed environment or request a self-hostable manifest so you can host the aggregator yourself.
The main red flags are (a) the implicit trust in a remote, third‑party server and (b) the metadata omission about modifying ~/.openclaw/mcp.json; ask the maintainer for clarification or a self-host option if you need stronger assurance.
Functional analysis
Type: OpenClaw Skill
Name: gov-cybersecurity
Version: 1.0.0
The skill bundle itself does not contain direct malicious code or prompt injection attempts. However, it is entirely dependent on an opaque, remote service hosted on `apify.actor` (`https://cybersecurity-vuln-mcp.apify.actor/mcp`), which is configured via the `mcporter add` command in `SKILL.md`. This introduces a significant supply chain risk, as the actual logic and behavior of the skill are controlled by an unverified external endpoint and cannot be audited from the provided files.
Capability assessment
Purpose & Capability
The name/description (CVE lookups from NVD, CISA, EPSS, MITRE) match the runtime instructions: the skill connects your agent to a remote MCP server that presumably aggregates those sources. However the description does not clearly state that it requires adding a third‑party MCP server (hosted at an apify.actor domain), which is an important trust decision for users.
Instruction Scope
Runtime instructions explicitly tell the user/agent to add a remote MCP server (mcporter add ... or editing ~/.openclaw/mcp.json). The SKILL.md instructs adding/persisting an external server entry, which expands what the agent can call. The metadata declared no required config paths, yet the instructions reference modifying ~/.openclaw/mcp.json — an inconsistency.
Install Mechanism
There is no install spec and no code files; the skill is instruction-only. The only runtime requirement is the 'mcporter' binary, which is reasonable given the instructions.
Credentials
No environment variables or credentials are requested. Requiring the mcporter binary is proportionate to the described operation. No unrelated secrets or services are requested.
Persistence & Privilege
Although 'always' is false, the instructions tell the user to add a persistent remote MCP server entry (via mcporter or by editing ~/.openclaw/mcp.json). That persisted server can expand agent capabilities and route future tool calls through a third party — a meaningful privilege/attack surface increase that requires trusting the server operator.
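
One way to act on the persistence concern above and on the security recommendations: audit the MCP config for remote servers you have not explicitly approved. This is an added example, not part of the skill or of OpenClaw; it assumes the `servers` layout shown in the SKILL.md, and the `internal-docs` entry, its host, and the allowlist are hypothetical.

```python
import json
from urllib.parse import urlsplit

# Constructed sample in the layout the SKILL.md shows for ~/.openclaw/mcp.json.
# "internal-docs" and its host are hypothetical, added for contrast.
SAMPLE_CONFIG = """
{
  "servers": {
    "gov-cyber": {
      "url": "https://cybersecurity-vuln-mcp.apify.actor/mcp",
      "transport": "streamable-http"
    },
    "internal-docs": {
      "url": "http://mcp.corp.example/mcp",
      "transport": "streamable-http"
    }
  }
}
"""

# Hosts you have reviewed and decided to trust (assumption: exact-match policy).
TRUSTED_HOSTS = {"mcp.corp.example"}


def audit_mcp_config(text, trusted_hosts):
    """Return (server_name, issue) pairs for remote entries needing review."""
    findings = []
    servers = json.loads(text).get("servers", {})
    for name, entry in sorted(servers.items()):
        url = entry.get("url") if isinstance(entry, dict) else None
        if not url:
            continue  # no remote URL: nothing to check here
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if parts.scheme != "https":
            findings.append((name, "not https: " + parts.scheme))
        if parts.username or parts.password:
            findings.append((name, "credentials embedded in URL"))
        # Exact host match only: trusting a parent domain does not vouch
        # for every subdomain under it.
        if host not in trusted_hosts:
            findings.append((name, "untrusted remote host: " + host))
    return findings


if __name__ == "__main__":
    for name, issue in audit_mcp_config(SAMPLE_CONFIG, TRUSTED_HOSTS):
        print(f"{name}: {issue}")
```

Run it against the real file after any skill install to see which persisted entries were added and whether each one is on your reviewed list.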
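How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install gov-cybersecurity
  3. Once installation completes, invoke the Skill by name or trigger it with /gov-cybersecurity
  4. Provide the required inputs according to the Skill's parameter descriptions to get structured output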
Version history
v1.0.0
Initial release of gov-cybersecurity skill.
  • Provides real-time CVE vulnerability lookup and intelligence from NIST NVD, CISA KEV, EPSS, and MITRE ATT&CK.
  • Includes 7 tools for searching, trending, and enriched vulnerability data.
  • No API keys required; uses only free US government data sources.
  • Supports use cases like compliance tracking, risk assessment, and patch management.
  • Simple setup with `mcporter` and OpenClaw MCP integration.
  • Useful for cybersecurity professionals needing authoritative vulnerability info.
Metadata
Slug gov-cybersecurity
Version 1.0.0
License
Total installs 3
Current installs 3
Version count 1
FAQ

What is Government Cybersecurity Vulnerability Intel?

CVE vulnerability lookup via NIST NVD, CISA KEV, EPSS scores, and MITRE ATT&CK. 7 tools for real-time cybersecurity intelligence. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 587 total downloads to date.

How do I install Government Cybersecurity Vulnerability Intel?

Run the command "/install gov-cybersecurity" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is needed.

Is Government Cybersecurity Vulnerability Intel free?

Yes, Government Cybersecurity Vulnerability Intel is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does Government Cybersecurity Vulnerability Intel support?

Government Cybersecurity Vulnerability Intel is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Government Cybersecurity Vulnerability Intel?

Developed and maintained by Martin (@martc03); the current version is v1.0.0.
