Analyzes CVE reachability in software repositories by examining how vulnerable dependencies are imported and used. Determines whether vulnerable components, classes, or functions are reachable from project code through call chain analysis, reflection detection, dynamic loading patterns, and configuration-gated behavior. Classifies each CVE as likely reachable, possibly reachable, or likely unreachable, with supporting evidence. Use when analyzing security vulnerabilities in dependencies, performing post-disclosure CVE triage, assessing vulnerability impact, or when users ask to analyze CVE reachability, check whether vulnerabilities are exploitable, or evaluate dependency security risks.
Score: 90
Does it follow best practices? 85%
Impact: 99% (1.05x average score across 3 eval scenarios)
Passed: no known issues
Eval scenario: Classification criteria and test vs. production distinction

| Criterion | Score 1 | Score 2 |
|---|---|---|
| Correct top-level classification | 100% | 100% |
| Confidence level assigned | 0% | 100% |
| Version match confirmed | 100% | 100% |
| Production call site cited | 100% | 100% |
| Test-only usage distinguished | 100% | 100% |
| Dead code recognized | 100% | 100% |
| Safe function excluded | 100% | 100% |
| Call chain from entry point | 100% | 100% |
| Uncertainty section present | 100% | 100% |
| Recommendations present | 100% | 100% |
Eval scenario: Configuration-gated reachability and assumption documentation

| Criterion | Score 1 | Score 2 |
|---|---|---|
| Feature flag as configuration gate | 100% | 100% |
| Possibly Reachable classification | 86% | 100% |
| Dev-only route as unreachable | 100% | 100% |
| Production config state unknown | 100% | 100% |
| Uncertainty section with config unknowns | 100% | 100% |
| Version check | 100% | 100% |
| Call site with file reference | 100% | 100% |
| Non-vulnerable functions excluded | 100% | 100% |
| Recommendations reflect uncertainty | 100% | 100% |
| Does not classify as Likely Reachable | 100% | 100% |
Eval scenario: Call graph construction and dynamic invocation detection

| Criterion | Score 1 | Score 2 |
|---|---|---|
| Version match confirmed | 100% | 100% |
| enableDefaultTyping identified | 100% | 100% |
| Full call chain from HTTP endpoint | 100% | 100% |
| Likely Reachable classification | 100% | 100% |
| Confidence level assigned | 0% | 100% |
| Reflection detected | 100% | 100% |
| Reflection classified as uncertainty | 40% | 70% |
| Safe ObjectMapper excluded | 100% | 100% |
| Test-only usage not counted | 100% | 100% |
| Analysis Notes section | 100% | 100% |
| Recommendations present | 100% | 100% |