Stats
Actions
Tags
'%20stop-opacity%3D'0.16'%2F%3E%3Cstop%20offset%3D'1'%20stop-color%3D'rgb(200%2C90%2C60)'%20stop-opacity%3D'0.03'%2F%3E%3C%2FlinearGradient%3E%3C%2Fdefs%3E%3Crect%20width%3D'320'%20height%3D'200'%20fill%3D'url(%23g)'%2F%3E%3Ccircle%20cx%3D'250'%20cy%3D'56'%20r%3D'92'%20fill%3D'rgb(200%2C90%2C60)'%20fill-opacity%3D'0.06'%2F%3E%3Ccircle%20cx%3D'64'%20cy%3D'172'%20r%3D'58'%20fill%3D'rgb(200%2C90%2C60)'%20fill-opacity%3D'0.05'%2F%3E%3C%2Fsvg%3E)
From fuse-security
Research CVEs and security advisories for project dependencies. Uses Exa, NVD API, OSV.dev, and GitHub Advisory Database to find known vulnerabilities.
How this skill is triggered — by the user, by Claude, or both
Slash command
/fuse-security:cve-researchThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Research known vulnerabilities for project dependencies using multiple sources.
Research known vulnerabilities for project dependencies using multiple sources.
| Source | API | Coverage |
|---|---|---|
| NVD | nvd.nist.gov/vuln/api | All CVEs |
| OSV.dev | api.osv.dev | npm, PyPI, Go, crates, Maven |
| GitHub Advisory | github.com/advisories | npm, pip, composer, cargo |
| Exa Search | Via MCP | Real-time web search |
For each dependency:
| CVSS Score | Severity | Action |
|---|---|---|
| 9.0 - 10.0 | CRITICAL | Fix immediately |
| 7.0 - 8.9 | HIGH | Fix before merge |
| 4.0 - 6.9 | MEDIUM | Plan fix |
| 0.1 - 3.9 | LOW | Document |
npx claudepluginhub fusengine/agents --plugin fuse-securityScans project dependencies for known CVEs across npm, pip, cargo, Go, and Java ecosystems. Reports vulnerable packages with severity, affected versions, and fixes.
Mines GitHub Security Advisories and NVD CVE databases for incomplete fixes, identifying variant vulnerabilities in patched code and similar patterns in related packages. Useful for high-acceptance-rate security findings.
Researches a CVE or vulnerability disclosure end-to-end: affected versions, reachability in your code, public PoC availability, patch status, exposure window, and mitigation guidance. Use for CVE, zero-day, EPSS, or patch triage.