ark-vulnerability-fixer

CVE research and security patch workflow for Ark. Provides CVE API integration, mitigation strategies, and security-focused PR templates. Works with research, analysis, and setup skills for comprehensive vulnerability fixing.

1.01x

Quality

46%

Does it follow best practices?

Impact

79%

1.01x

Average score across 3 eval scenarios

Securityby

Advisory

Suggest reviewing before use

Optimize this skill with Tessl

npx tessl skill review --optimize ./.claude/skills/vulnerability-fixer/SKILL.md

Evaluation results

100%

18%

Security Vulnerability Assessment: CVE-2023-44487

CVE API research and mitigation planning

Criteria

Without context

With context

CIRCL API usage

100%

CVSS score reported

100%

Affected version range

100%

Recommended/patched version

100%

Vendor/advisory sources

100%

Multiple mitigation options

66%

100%

Vulnerability Details section

100%

Impact on Ark section

75%

100%

Ark deployment context in risk assessment

100%

User approval gate

100%

Recommendation section

100%

92%

-8%

Investigating a Vulnerable npm Transitive Dependency

Node.js transitive dependency vulnerability resolution

Criteria

Without context

With context

All lockfiles searched

100%

jq or equivalent version inspection

100%

Identifies parent packages

100%

Identifies conflicting versions

100%

npm overrides global risk warning

100%

Parent package upgrade recommendation

100%

Remediation script produced

100%

find command for lockfiles

100%

45%

-8%

Preparing the Git Workflow for a Security Patch

Security branch naming and PR template

Criteria

Without context

With context

Branch naming convention

50%

go get + go mod tidy

30%

100%

Verification commands

100%

87%

Commit message prefix

16%

Commit Vulnerability Details section

50%

25%

Commit References with CIRCL URL

Push uses branch name

50%

gh pr create used

100%

PR vulnerability details table

66%

83%

PR Risk Assessment section

100%

Repository: mckinsey/agents-at-scale-ark
Commit: fc5746e

Evaluated: 21 days ago
Agent: Claude Code
Model: Claude Sonnet 4.6

Table of Contents

Security Vulnerability Assessment: CVE-2023-44487 Investigating a Vulnerable npm Transitive Dependency Preparing the Git Workflow for a Security Patch

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.