cve-reachability-analyzer

Analyze CVE reachability in software repositories by examining how vulnerable dependencies are imported and used. Determines whether vulnerable components, classes, or functions are reachable from project code through call chain analysis, reflection detection, dynamic loading patterns, and configuration-gated behavior. Classifies each CVE as likely reachable, possibly reachable, or likely unreachable with supporting evidence. Use when analyzing security vulnerabilities in dependencies, performing post-disclosure CVE triage, assessing vulnerability impact, or when users ask to analyze CVE reachability, check if vulnerabilities are exploitable, or evaluate dependency security risks.

Install with Tessl CLI

npx tessl i github:ArabelaTso/Skills-4-SE --skill cve-reachability-analyzer

What are skills?

Review — 85%

Does it follow best practices?

If you maintain this skill, you can automatically optimize it using the tessl CLI to improve its score:

npx tessl skill review --optimize ./path/to/skill

Learn more

Validation — 11 / 11 Passed

Validation for skill structure

SKILL.md

Review

Evals

Evaluation results

100%

Security Triage: YAML Processing Service

Classification criteria and test vs. production distinction

Criteria

Without context

With context

Correct top-level classification

100%

Confidence level assigned

100%

Version match confirmed

100%

Production call site cited

100%

Test-only usage distinguished

100%

Dead code recognized

100%

Safe function excluded

100%

Call chain from entry point

100%

Uncertainty section present

100%

Recommendations present

100%

Without context: $0.1749 · 1m 29s · 8 turns · 13 in / 3,647 out tokens

With context: $0.6842 · 3m 15s · 21 turns · 3,320 in / 9,100 out tokens

100%

Dependency Vulnerability Triage: Node.js API Service

Configuration-gated reachability and assumption documentation

Criteria

Without context

With context

Feature flag as configuration gate

100%

Possibly Reachable classification

86%

100%

Dev-only route as unreachable

100%

Production config state unknown

100%

Uncertainty section with config unknowns

100%

Version check

100%

Call site with file reference

100%

Non-vulnerable functions excluded

100%

Recommendations reflect uncertainty

100%

Does not classify as Likely Reachable

100%

Without context: $0.2474 · 1m 53s · 11 turns · 14 in / 4,282 out tokens

With context: $0.3611 · 2m 8s · 11 turns · 3,307 in / 5,318 out tokens

97%

Vulnerability Impact Assessment: Java Microservice

Call graph construction and dynamic invocation detection

Criteria

Without context

With context

Version match confirmed

100%

enableDefaultTyping identified

100%

Full call chain from HTTP endpoint

100%

Likely Reachable classification

100%

Confidence level assigned

100%

Reflection detected

100%

Reflection classified as uncertainty

40%

70%

Safe ObjectMapper excluded

100%

Test-only usage not counted

100%

Analysis Notes section

100%

Recommendations present

100%

Without context: $0.3242 · 2m 8s · 12 turns · 17 in / 5,514 out tokens

With context: $0.5860 · 2m 43s · 19 turns · 6,578 in / 6,189 out tokens

Evaluated: about 20 hours ago
Agent: Claude Code

Table of Contents

Security Triage: YAML Processing Service Dependency Vulnerability Triage: Node.js API Service Vulnerability Impact Assessment: Java Microservice

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.