---
name: agent-bom-vulnerability-intel
description: >-
  Use agent-bom to check package, SBOM, inventory, and agent dependency exposure
  against OSV, GitHub Security Advisories, NVD, EPSS, and CISA KEV with explicit
  data-boundary choices. Use when a user asks for CVE lookup, advisory
  intelligence, exploitability context, fix versions, GHSA/OSV/NVD enrichment,
  or package vulnerability triage.
version: 0.91.0
license: Apache-2.0
compatibility: >-
  Requires Python 3.11+ and agent-bom installed from this repository or PyPI.
  No credentials are required for basic public advisory lookups. Optional
  NVD_API_KEY and GITHUB_TOKEN values only raise provider rate limits.
metadata:
  author: msaad00
  homepage: https://github.com/msaad00/agent-bom
  source: https://github.com/msaad00/agent-bom
  pypi: https://pypi.org/project/agent-bom/
  openclaw:
    requires:
      bins:
        - agent-bom
      env: []
      credentials: none
    credential_policy: "Do not ask users to paste credentials. Optional NVD_API_KEY and GITHUB_TOKEN values may be present in the operator environment for rate limits, but their values must never be displayed, logged, or copied into prompts."
    optional_env:
      - NVD_API_KEY
      - GITHUB_TOKEN
    optional_bins: []
    emoji: "\U0001F6E1"
    homepage: https://github.com/msaad00/agent-bom
    source: https://github.com/msaad00/agent-bom
    license: Apache-2.0
    os:
      - darwin
      - linux
      - windows
    credential_handling: "No cloud or source-control credentials are needed. Advisory API tokens stay in the operator environment and are used only by agent-bom's existing advisory clients; do not echo or persist token values."
    data_flow: "Default package checks send package names, versions, ecosystems, PURLs, and CVE/advisory IDs to public advisory databases. Source code, raw config files, secrets, env values, and full scan reports are not sent to advisory providers. Use offline/cache-approved mode when private package names are sensitive."
    file_reads:
      - "operator-provided inventory JSON"
      - "operator-provided CycloneDX/SPDX SBOM files"
      - "local agent configuration paths only when the operator chooses a local scan"
    file_writes:
      - "operator-selected JSON/SARIF/report output path"
    network_endpoints:
      - url: "https://api.osv.dev/v1"
        purpose: "OSV package vulnerability lookup"
        auth: false
      - url: "https://api.github.com/advisories"
        purpose: "GitHub Security Advisories lookup; optional token only raises rate limits"
        auth: false
      - url: "https://services.nvd.nist.gov/rest/json/cves/2.0"
        purpose: "NVD CVSS, CWE, and publication metadata enrichment"
        auth: false
      - url: "https://api.first.org/data/v1/epss"
        purpose: "EPSS exploit probability enrichment"
        auth: false
      - url: "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"
        purpose: "CISA Known Exploited Vulnerabilities enrichment"
        auth: false
    telemetry: false
    persistence: false
    privilege_escalation: false
    always: false
    autonomous_invocation: restricted
---

# agent-bom-vulnerability-intel

Use this skill to answer vulnerability-intelligence questions through
agent-bom's existing scanners and canonical evidence model. Do not create
one-off OSV, GHSA, NVD, EPSS, or KEV clients in the agent session; route through
agent-bom so advisory provenance, aliases, severity gates, cache behavior,
redaction, and output schemas stay consistent.

## Modes

Start with the smallest mode that answers the user:

| Mode | Use When | Data Boundary |
|------|----------|---------------|
| `explain-only` | User wants to know what would be queried | No advisory calls |
| `check-package` | User names one package/version/ecosystem | Only that package identifier is queried |
| `scan-local` | User wants findings from local agents or a local inventory file | Local parse first; advisory calls use package identifiers only |
| `offline-review` | Private package names cannot leave the environment | Use local/cache-approved data only; disclose reduced coverage |
| `export` | User wants PR gate, SARIF, JSON, or audit evidence | Write only to an operator-selected path |

## Guardrails

- Ask before scanning a broad filesystem path or local agent configs.
- Do not paste or reveal `NVD_API_KEY`, `GITHUB_TOKEN`, package-registry
  credentials, cloud credentials, or env values.
- Do not send full source files, lockfiles, config contents, secrets, or scan
  reports to advisory providers. agent-bom extracts package identifiers first.
- Treat unknown or unresolvable versions as coverage gaps, not clean results.
- Preserve advisory provenance. Do not collapse OSV, GHSA, NVD, EPSS, and KEV
  into a single unlabelled severity.
- Do not modify dependencies or install fixes unless the user explicitly asks
  for a remediation workflow.

## Workflows

### Explain the Boundary

When the user asks "what leaves my environment?", answer before running:

```text
This lookup sends package identifiers (name, version, ecosystem/PURL) and CVE
IDs to public advisory databases. It does not send source code, raw configs,
secrets, env values, credentials, or full scan reports. Use offline-review if
private package names are sensitive.
```

### Check One Package

```bash
agent-bom check flask==2.0.0 --ecosystem pypi
```

Use this for quick triage and fix-version checks.
If the package name belongs to a private registry or internal project, use
`explain-only` first and let the operator decide whether the identifier may be
queried externally.

### Scan a Canonical Inventory

```bash
agent-bom agents --inventory inventory.json --format json --output findings.json
```

Use this after an operator-pull adapter or discovery skill emits canonical
inventory. The inventory can stop at the file boundary; scanning is an explicit
operator handoff.

### Export for a PR Gate

```bash
agent-bom agents --inventory inventory.json --format sarif --output agent-bom.sarif
```

Use SARIF only when the user wants GitHub code-scanning or AppSec PR-gate
evidence. Keep JSON for local analysis and audit trails.

### Offline Review

If external advisory calls are not allowed, run with the project's offline or
cache-approved mode and say clearly that coverage depends on the locally
available vulnerability database. Do not call a clean offline result equivalent
to a fresh OSV/GHSA/NVD lookup.

## Output Rules

- Show CVE/GHSA/PYSEC aliases together when available.
- Include severity source, fix version, EPSS, KEV status, CWE, and advisory
  source chain when present.
- Separate "no vulnerabilities found" from "not enough data to evaluate."
- Keep raw credentials and credential-bearing URLs out of output, logs, prompts,
  SARIF locations, and exported reports.
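
A pre-flight check for the `explain-only` boundary and the coverage-gap guardrail, as an added example (not agent-bom's own code): it sorts package specs into identifiers that would be queried externally, private names held for the operator's decision, and unpinned specs that count as coverage gaps. The `acme-` prefixes, the sample specs, and the function names are constructed assumptions; nothing is sent over the network.

```python
import re

# Assumption: operator-maintained prefixes that mark internal package names.
PRIVATE_PREFIXES = ("acme-", "@acme/")
# Constructed sample input; not agent-bom's inventory format.
SAMPLE_SPECS = ["flask==2.0.0", "requests>=2.31", "acme-billing==1.4.2", "jinja2"]

# Only an exact pin (name==version) resolves to a single queryable version.
PINNED = re.compile(r"^(?P<name>[A-Za-z0-9@/._-]+)==(?P<version>[A-Za-z0-9.!+_-]+)$")


def preflight(specs, ecosystem, private_prefixes=PRIVATE_PREFIXES):
    """Sort specs into the outcomes the guardrails keep apart.

    query: identifiers that would go to public advisory databases
    hold:  private names; the operator decides before any external lookup
    gap:   no exact version, so a coverage gap rather than a clean result
    """
    plan = {"query": [], "hold": [], "gap": []}
    for raw in specs:
        spec = raw.strip()
        if not spec or spec.startswith("#"):
            continue
        match = PINNED.match(spec)
        if match is None:
            plan["gap"].append(spec)  # stays local, never queried
            continue
        ident = {"name": match["name"], "version": match["version"],
                 "ecosystem": ecosystem}
        private = ident["name"].lower().startswith(tuple(private_prefixes))
        plan["hold" if private else "query"].append(ident)
    return plan


def verdict(plan, findings):
    """Label a result so unevaluated packages never read as clean."""
    unevaluated = len(plan["hold"]) + len(plan["gap"])
    if findings:
        return "vulnerabilities found" + (" (partial coverage)" if unevaluated else "")
    return "not enough data to evaluate" if unevaluated else "no vulnerabilities found"


if __name__ == "__main__":
    plan = preflight(SAMPLE_SPECS, "pypi")
    for bucket, items in plan.items():
        print(bucket, items)
    print(verdict(plan, findings=[]))
```

Only the `query` bucket corresponds to what the boundary statement says leaves the environment; the `hold` and `gap` buckets are reported locally.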