Generate prioritized CVE watchlists and actionable security recommendations for repositories. Use when analyzing CVE scan results, creating security reports, prioritizing vulnerability remediation, or generating security gate reports for CI/CD. Takes CVE scan results (JSON/SARIF from npm audit, pip-audit, Snyk), reachability analysis, and cutoff date as input. Combines severity, reachability, exploitability, and dependency criticality to rank CVEs by practical risk. Outputs markdown reports with concrete next-step guidance (immediate upgrade, monitor, ignore with justification, apply mitigation) suitable for issue trackers, security reviews, and CI security gates.
Install with Tessl CLI
`npx tessl i github:ArabelaTso/Skills-4-SE --skill cve-watchlist-action-recommendation-generator`
Does it follow best practices?
Validation for skill structure
Discovery
100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is an excellent skill description that excels across all dimensions. It provides specific capabilities, comprehensive trigger terms that security professionals would naturally use, explicit 'Use when' guidance, and a clearly defined niche that distinguishes it from other skills. The description uses proper third-person voice throughout and balances detail with clarity.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions: 'Generate prioritized CVE watchlists', 'creating security reports', 'prioritizing vulnerability remediation', 'generating security gate reports'. Also specifies inputs (JSON/SARIF from npm audit, pip-audit, Snyk) and outputs (markdown reports with concrete next-step guidance). | 3 / 3 |
| Completeness | Clearly answers both what ('Generate prioritized CVE watchlists and actionable security recommendations') AND when ('Use when analyzing CVE scan results, creating security reports, prioritizing vulnerability remediation, or generating security gate reports for CI/CD'). Explicit 'Use when...' clause present. | 3 / 3 |
| Trigger Term Quality | Excellent coverage of natural terms users would say: 'CVE', 'security', 'vulnerability', 'npm audit', 'pip-audit', 'Snyk', 'SARIF', 'CI/CD', 'security gate', 'remediation'. These are terms security engineers and developers naturally use. | 3 / 3 |
| Distinctiveness / Conflict Risk | Highly distinctive niche focused specifically on CVE analysis and security vulnerability prioritization. The specific tool mentions (npm audit, pip-audit, Snyk, SARIF) and domain focus (CVE watchlists, reachability analysis) make it unlikely to conflict with general code or document skills. | 3 / 3 |
| Total | | 12 / 12 Passed |
Implementation
85%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-structured skill with strong actionability and clear workflow progression. The input format examples and output template provide concrete, executable guidance. Minor verbosity in the input format section and tips could be tightened, but overall the skill effectively balances comprehensiveness with clarity.
Suggestions
- Condense the input format examples: consider showing one canonical format with a note that the parser handles npm/pip/Snyk automatically, rather than full JSON examples for each.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is reasonably efficient but includes some redundancy: the input format examples are quite verbose and could be condensed. The workflow steps are clear but some explanations (like the tip section) add moderate padding. | 2 / 3 |
| Actionability | Provides concrete, executable commands (python scripts with specific arguments), complete JSON schema examples for all input formats, specific upgrade commands, and a detailed example output. Copy-paste ready throughout. | 3 / 3 |
| Workflow Clarity | Clear 4-step workflow with explicit sequencing. The decision tree provides concrete thresholds for action recommendations. Each step has validation through the risk scoring formula and clear outputs feeding into the next step. | 3 / 3 |
| Progressive Disclosure | Excellent structure with main workflow in SKILL.md and appropriate references to detailed materials (risk_scoring.md, action_guidelines.md, report_template.md). References are one level deep and clearly signaled with descriptive labels. | 3 / 3 |
| Total | | 11 / 12 Passed |
Validation
100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
No warnings or errors.