What is KEV-style triage?

It combines KEV-like exploitation context with asset criticality to prioritize vulnerability remediation and patching decisions.

Can I customize the scoring?

Yes. The scoring rationale is described in references/triage-method.md and can be adjusted to fit policy.

What outputs does the tool produce?

A patch-priority plan, a concise remediation summary, and due-window guidance for remediation efforts.

cyber-kev-triage

Scanned

npx machina-cli add skill 0x-Professor/Agent-Skills-Hub/cyber-kev-triage --openclaw

Files (1)

SKILL.md

950 B

Cyber KEV Triage

Overview

Create a patch-priority plan by combining vulnerability severity, exploitation status, and business criticality of affected assets.

Workflow

Collect vulnerabilities with CVE, CVSS, exploitation indicator, and affected asset.
Map each vulnerability to asset criticality.
Score and rank vulnerabilities into patch priority tiers.
Produce concise remediation summary and due-window guidance.

Use Bundled Resources

Run scripts/kev_triage.py for deterministic triage output.
Read references/triage-method.md for scoring rationale and review checks.

Guardrails

Keep output defensive and remediation-focused.
Do not generate exploit payloads or offensive execution steps.

Source

git clone https://github.com/0x-Professor/Agent-Skills-Hub/blob/main/skills/cyber-kev-triage/SKILL.mdView on GitHub

Overview

Cyber KEV Triage builds a patch-priority plan by merging vulnerability severity, exploitation status, and the business criticality of affected assets. This supports CVE triage, patch ordering decisions, and remediation reporting.

How This Skill Works

The workflow collects vulnerabilities with CVE identifiers, CVSS scores, exploitation indicators, and affected assets. Each vulnerability is mapped to asset criticality, then scored and ranked into patch-priority tiers. The result is a concise remediation summary with due-window guidance, deterministically produced via scripts/kev_triage.py and informed by references/triage-method.md.

When to Use It

During initial CVE triage when receiving vulnerability feeds and asset inventory
Prioritizing patch order across a mixed environment (production, staging, and non-production assets)
Preparing remediation reporting for security leadership or auditors
Reassessing priorities when exploitation indicators change or new exploits emerge
Generating a deterministic triage output for change management and remediation planning

Quick Start

Step 1: Run the deterministic triage tool: python3 scripts/kev_triage.py
Step 2: Ensure CVE, CVSS, exploitation indicators, and affected assets are collected and mapped to asset criticality
Step 3: Review the remediation summary and due-window guidance for action

Best Practices

Collect CVE, CVSS, exploitation indicators, and affected asset data consistently to ensure accurate scoring
Map vulnerabilities to asset criticality using authoritative asset inventories
Utilize the deterministic kev_triage.py tool for repeatable triage outputs
Review scoring rationale with references/triage-method.md to align with policy
Keep remediation outputs defensive and actionable; avoid including exploit payloads

Example Use Cases

A critical database server receives several CVEs; high priority is assigned based on asset criticality and exploitation status, shaping patch sequencing
Production systems get tighter due-window guidance while non-production assets receive longer windows
Vulnerabilities without exploitation indicators are deprioritized in favor of actively exploited issues
Remediation reporting summarizes fixes, owners, and due dates for leadership review
kev_triage.py outputs a deterministic triage result suitable for audit and change planning

Frequently Asked Questions

Add this skill to your agents