cyber-kev-triage
Prioritize vulnerability remediation using KEV-style exploitation context plus asset criticality. Use for CVE triage, patch order decisions, and remediation reporting.
84
Does it follow best practices?
If you maintain this skill, you can automatically optimize it using the tessl CLI to improve its score:
npx tessl skill review --optimize ./path/to/skillValidation for skill structure
Discovery
89%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a solid skill description with clear security domain focus and explicit trigger guidance. The 'Use for' clause effectively communicates when to select this skill. The main weakness is that the capability description could be more specific about concrete actions performed rather than high-level outcomes.
Suggestions
Add more specific concrete actions like 'cross-references CVEs against KEV catalog', 'calculates risk scores', or 'generates prioritized remediation lists' to improve specificity.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Names the domain (vulnerability remediation) and mentions some actions (CVE triage, patch order decisions, remediation reporting), but lacks concrete specific actions like 'analyze CVSS scores', 'generate priority rankings', or 'cross-reference KEV database'. | 2 / 3 |
Completeness | Clearly answers both what (prioritize vulnerability remediation using KEV-style exploitation context plus asset criticality) and when (CVE triage, patch order decisions, remediation reporting) with explicit 'Use for' clause. | 3 / 3 |
Trigger Term Quality | Good coverage of natural terms users would say: 'CVE', 'triage', 'patch', 'remediation', 'vulnerability', 'KEV'. These are terms security professionals would naturally use when needing this skill. | 3 / 3 |
Distinctiveness Conflict Risk | Clear niche in security/vulnerability management with distinct triggers like 'KEV', 'CVE triage', 'patch order', and 'asset criticality' that are unlikely to conflict with general security or document skills. | 3 / 3 |
Total | 11 / 12 Passed |
Implementation
72%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is concise and well-structured with appropriate progressive disclosure to bundled resources. However, it lacks concrete executable examples (e.g., sample command invocation, expected output format) and explicit validation steps in the workflow, which limits its actionability for Claude to follow precisely.
Suggestions
Add a concrete example showing how to invoke `scripts/kev_triage.py` with sample arguments and expected output format
Include a validation step in the workflow (e.g., 'Verify triage output contains all required fields before generating remediation summary')
Provide a sample input/output pair showing CVE data going in and prioritized patch list coming out
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is lean and efficient, with no unnecessary explanations of concepts Claude would already know. Every section serves a clear purpose without padding. | 3 / 3 |
Actionability | Provides some concrete guidance (script path, reference file), but lacks executable examples, specific command syntax, or sample input/output. The workflow steps are descriptive rather than executable. | 2 / 3 |
Workflow Clarity | Steps are listed in sequence but lack validation checkpoints or feedback loops. No explicit verification step to confirm triage output is correct before proceeding to remediation reporting. | 2 / 3 |
Progressive Disclosure | Clear overview structure with well-signaled one-level-deep references to scripts and reference documentation. Content is appropriately split between the skill file and supporting resources. | 3 / 3 |
Total | 10 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.