Raven — 0-Day Threat Hunter

This skill drives Project Raven's MDASH (Multi-Model Agentic Security Harness) pipeline. It composes modules from pipeline/ into a single end-to-end flow:

target ─► prepare ─► scan ─► validate ─► dedup ─► prove ─► enrich ─► report
         │           │          │          │        │         │
         │           │          │          │        │         └─ D3FEND + ATT&CK + threat intel
         │           │          │          │        └─ symbolic execution / formal verification
         │           │          │          └─ semantic clustering
         │           │          └─ multi-model debate
         │           └─ 100+ specialized auditor agents
         └─ surface map + threat model + cross-language taint

Every emission terminates at a tool oracle, a classical-ML detector, or a scored hypothesis. This is the CDP (Compositional Defense Pipelines) contract — the skill MUST NOT print a free-text "this looks vulnerable" verdict that is not backed by one of those three terminators.

The skill is defender-first. It MUST NOT load raven/redteam/offensive.py, raven/tools/metasploit_integration.py, raven/tools/empire_client.py, raven/tools/exploitdb*.py, or any other excluded-from-Defender-Edition module listed in raven-modules.md.