
cve-watchlist-action-recommendation-generator

Generate prioritized CVE watchlists and actionable security recommendations for repositories. Use when analyzing CVE scan results, creating security reports, prioritizing vulnerability remediation, or generating security gate reports for CI/CD. Takes CVE scan results (JSON/SARIF from npm audit, pip-audit, Snyk), reachability analysis, and cutoff date as input. Combines severity, reachability, exploitability, and dependency criticality to rank CVEs by practical risk. Outputs markdown reports with concrete next-step guidance (immediate upgrade, monitor, ignore with justification, apply mitigation) suitable for issue trackers, security reviews, and CI security gates.

Install with Tessl CLI

npx tessl i github:ArabelaTso/Skills-4-SE --skill cve-watchlist-action-recommendation-generator

94

Does it follow best practices?

Validation for skill structure


Evaluation results

92% · 64%

CVE Risk Triage for a Healthcare API Platform

Risk factor scoring and tier classification

| Criteria | Without context | With context |
|---|---|---|
| Correct formula weights | 0% | 100% |
| Reachability numeric mapping | 0% | 100% |
| Exploitability numeric mapping | 0% | 100% |
| Criticality numeric mapping | 20% | 100% |
| Severity adjustment for known exploit | 0% | 0% |
| Severity adjustment for active exploitation | 0% | 100% |
| Critical tier boundary | 50% | 100% |
| High tier boundary | 25% | 100% |
| Low/Minimal tier boundary | 37% | 100% |
| Missing data assumption documented | 80% | 100% |
| Score calculations shown | 100% | 100% |

Without context: $0.3356 · 2m 18s · 9 turns · 14 in / 7,820 out tokens

With context: $1.2176 · 4m 47s · 35 turns · 5,643 in / 14,170 out tokens

98% · 22%

Security Report for an E-commerce Node.js Backend

Full report structure and grouped CVE recommendations

| Criteria | Without context | With context |
|---|---|---|
| Executive Summary section | 50% | 100% |
| Prioritized CVE Watchlist section | 25% | 100% |
| Summary of Actions section | 37% | 75% |
| Dependency Overview section | 25% | 100% |
| Next Steps section | 50% | 100% |
| Grouped multi-CVE package | 100% | 100% |
| Transitive dependency handling | 100% | 100% |
| npm upgrade commands | 100% | 100% |
| Mitigation for unavailable fix | 100% | 100% |
| Links to CVE references | 100% | 100% |
| Breaking changes documented | 100% | 100% |

Without context: $0.1802 · 1m 13s · 8 turns · 13 in / 3,074 out tokens

With context: $1.8871 · 5m 54s · 45 turns · 3,880 in / 21,805 out tokens

69% · -14%

Automated CVE Processing for a FinTech Platform

Script-based workflow and special case handling

| Criteria | Without context | With context |
|---|---|---|
| parse_scan_results.py invocation | 100% | 100% |
| calculate_risk_score.py invocation | 100% | 87% |
| Script pipeline order | 100% | 100% |
| No-fix mitigation recommendation | 100% | 100% |
| Breaking-changes evaluation | 70% | 30% |
| Ignore with justification | 40% | 0% |
| Compensating controls score reduction | 20% | 0% |
| Reachability data included | 100% | 100% |
| Missing data assumption documented | 100% | 62% |
| Process log or script output | 100% | 100% |
| Zero-day treatment | 100% | 100% |

Without context: $0.5760 · 3m 13s · 17 turns · 22 in / 10,220 out tokens

With context: $1.3310 · 4m 46s · 36 turns · 5,612 in / 15,397 out tokens

Evaluated agent: Claude Code
