nvd-cve

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill interacts with the National Vulnerability Database (NVD), which is an authoritative and trusted source for security vulnerability information.
  • [COMMAND_EXECUTION]: Executes local Python scripts using environment variables $MCP_CALL and $NVD_MCP_SCRIPT. This is a standard and expected mechanism for providing modular functionality in agent-based systems.
  • [CREDENTIALS_UNSAFE]: References the use of an NVD_API_KEY environment variable for authentication. No actual secrets are hardcoded in the skill file.
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because it ingests external data from the NVD API.
      * Ingestion points: External CVE data returned by the get_cve and search_cve tools (SKILL.md)
      * Boundary markers: No explicit delimiters or boundary markers for external data are defined (SKILL.md)
      * Capability inventory: The skill can execute subprocesses via the $MCP_CALL utility (SKILL.md)
      * Sanitization: No evidence of data sanitization or filtering of the retrieved external content (SKILL.md)
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 18, 2026, 06:12 AM