lhassa8

veridano-cybersecurity-intelligence

# Install this skill:
npx skills add lhassa8/veridano-skill

Or install specific skill: npx add-skill https://github.com/lhassa8/veridano-skill


# SKILL.md


name: veridano-cybersecurity-intelligence
description: >
Real-time government cybersecurity intelligence from CISA, FBI, NIST, NSA, and 10+ agencies.
Use when discussing CVEs, vulnerabilities, threat actors, compliance, or security advisories.
Provides authoritative data via live API calls to NVD, CISA KEV, and 400+ indexed government documents.


Veridano Cybersecurity Intelligence

Veridano is a government cybersecurity intelligence platform that provides Claude with real-time access to authoritative security data from US, UK, and EU government agencies.

When to Use This Skill

Activate this skill when the user:
- Mentions a CVE identifier (e.g., CVE-2024-3400, CVE-2023-44487)
- Asks about active exploits or whether a vulnerability is being exploited in the wild
- Inquires about CISA Known Exploited Vulnerabilities (KEV) or BOD 22-01 compliance
- Requests threat intelligence on ransomware, APT groups, or nation-state actors
- Needs security guidance from government agencies (CISA advisories, FBI alerts, NIST frameworks)
- Asks about ICS/OT security or industrial control system vulnerabilities
- Discusses emergency directives or federal cybersecurity mandates

Available Tools

1. get_cve_details

Fetches real-time CVE information from NIST NVD API 2.0.

Returns:
- CVE description
- CVSS score and severity (CRITICAL/HIGH/MEDIUM/LOW)
- Published and last modified dates
- Reference URLs
- Affected products

Example:

```json
{"name": "get_cve_details", "arguments": {"cve_id": "CVE-2024-3400"}}
```

2. check_cisa_kev

Checks if a CVE is in CISA's Known Exploited Vulnerabilities catalog.

Returns:
- Whether CVE is actively exploited
- Vendor and product affected
- Date added to KEV
- Required remediation deadline
- Whether used in ransomware campaigns

Example:

```json
{"name": "check_cisa_kev", "arguments": {"cve_id": "CVE-2024-3400"}}
```

3. veridano_search

Semantic search across 400+ indexed government cybersecurity documents.

Returns:
- Relevant documents from CISA, FBI, NIST, NSA, DHS, etc.
- Document titles, sources, and publication dates
- Similarity scores for relevance ranking

Example:

```json
{"name": "veridano_search", "arguments": {"query": "ransomware mitigation guidance", "top_k": 5}}
```

API Endpoint

```
POST https://7lqg8v66p1.execute-api.us-east-1.amazonaws.com/prod/mcp
Content-Type: application/json
```

Instructions

  1. Always check both CVE details AND KEV status when a user mentions a specific CVE
  2. Prominently flag actively exploited vulnerabilities - these require immediate attention per federal mandate
  3. Cite sources when presenting findings (e.g., "According to CISA advisory AA24-131A...")
  4. Use semantic search for broader threat intelligence queries
  5. Combine tools - for example, search for related advisories after checking a CVE

Response Guidelines

When presenting CVE information:

**CVE-2024-3400** (Palo Alto Networks PAN-OS)
- Severity: CRITICAL (CVSS 10.0)
- Status: ⚠️ ACTIVELY EXPLOITED (CISA KEV)
- Deadline: Patch by April 19, 2024
- Action: Apply vendor mitigations immediately

When presenting search results:

Found 5 relevant government documents:
1. "CISA Analysis of Ransomware Trends" (CISA, May 2024)
2. "Emergency Directive on Palo Alto Networks" (CISA, April 2024)
...

Data Sources

| Agency | Content | Update Frequency |
|---|---|---|
| NIST NVD | 200,000+ CVEs | Real-time |
| CISA KEV | Actively exploited CVEs | Real-time |
| CISA | Advisories, BODs, Emergency Directives | 4-6 hours |
| FBI IC3 | Private Industry Notifications | 12 hours |
| NSA | APT reports, cryptographic guidance | Weekly |
| USCYBERCOM | Threat intelligence | Weekly |
| NIST | SP 800 series, frameworks | 6 hours |

Limitations

  • Semantic search covers ~400 indexed documents (expanding)
  • Some historical advisories may not be indexed
  • Real-time APIs (NVD, KEV) are always current
  • Rate limits apply to API calls

Examples

Example 1: CVE Lookup

User: "What can you tell me about CVE-2024-3400?"

Response approach:
1. Call get_cve_details for CVE-2024-3400
2. Call check_cisa_kev for CVE-2024-3400
3. Present combined findings with severity, exploit status, and remediation guidance

Example 2: Threat Research

User: "What guidance does CISA have on defending against Chinese APT groups?"

Response approach:
1. Call veridano_search with query "Chinese state-sponsored cyber threat"
2. Present relevant advisories and guidance documents
3. Summarize key recommendations

Example 3: Compliance Check

User: "Are there any emergency directives affecting Cisco products?"

Response approach:
1. Call veridano_search with query "emergency directive Cisco"
2. List applicable directives with deadlines and requirements

# README.md

Veridano Cybersecurity Intelligence Skill

A Claude Skill that provides real-time access to government cybersecurity intelligence from CISA, FBI, NIST, NSA, and 10+ agencies.

Works with both Claude Code AND Claude.ai (chat)!

Quick Install

Claude.ai (Chat)

  1. Download: veridano-skill-claude-chat.zip
  2. Go to Claude.ai → Settings → Capabilities → Skills
  3. Click "Upload skill" and select the ZIP
  4. Done! Claude will auto-activate when you ask about CVEs or security topics

Claude Code

```bash
git clone https://github.com/lhassa8/veridano-skill ~/.claude/skills/veridano-cybersecurity-intelligence
```

What It Does

When you discuss cybersecurity topics with Claude, this skill enables:

  • Real-time CVE lookups from NIST NVD (200,000+ vulnerabilities)
  • CISA KEV status checks to identify actively exploited vulnerabilities
  • Semantic search across 400+ indexed government security documents

Installation

```bash
# Add the skill via plugin
/plugin add https://github.com/veridano/veridano-skill

# Or install to personal skills directory
git clone https://github.com/veridano/veridano-skill ~/.claude/skills/veridano-cybersecurity-intelligence
```

Option 2: Project Installation

Add to your project's .claude/skills/ directory:

```bash
cd your-project
mkdir -p .claude/skills
git clone https://github.com/veridano/veridano-skill .claude/skills/veridano-cybersecurity-intelligence
```

Option 3: Manual Installation

  1. Download/clone this repository
  2. Copy the folder to ~/.claude/skills/veridano-cybersecurity-intelligence/
  3. Restart Claude Code

Usage

Once installed, Claude automatically uses this skill when you ask about:

  • CVE vulnerabilities (e.g., "Tell me about CVE-2024-3400")
  • Active exploits (e.g., "Is this CVE being exploited?")
  • Threat intelligence (e.g., "What's CISA's guidance on ransomware?")
  • Security compliance (e.g., "Any emergency directives for Cisco?")

Example Queries

"What's the severity of CVE-2024-3400?"
→ Returns CVSS 10.0 CRITICAL with exploit status

"Is CVE-2023-44487 actively exploited?"
→ Checks CISA KEV catalog, returns exploitation details

"What does CISA recommend for defending against Chinese APT groups?"
→ Searches indexed advisories, returns relevant guidance

"Show me emergency directives affecting Microsoft products"
→ Returns matching directives with compliance deadlines

Available Tools

| Tool | Description |
|---|---|
| get_cve_details | Real-time CVE lookup from NIST NVD API 2.0 |
| check_cisa_kev | Check if CVE is in CISA Known Exploited Vulnerabilities |
| veridano_search | Semantic search across government security documents |

Data Sources

| Agency | Content | Update Frequency |
|---|---|---|
| NIST NVD | 200,000+ CVEs | Real-time |
| CISA | KEV, Advisories, BODs, Emergency Directives | Real-time / 4-6 hours |
| FBI IC3 | Private Industry Notifications | 12 hours |
| NSA | APT reports, cryptographic guidance | Weekly |
| USCYBERCOM | Threat intelligence | Weekly |
| DHS | Binding Operational Directives | Daily |
| Treasury/FinCEN | Financial cyber crime | Daily |
| NCSC (UK) | UK threat intelligence | Daily |
| ENISA (EU) | EU cybersecurity policy | Daily |

API Endpoint

The skill connects to:

```
https://7lqg8v66p1.execute-api.us-east-1.amazonaws.com/prod/mcp
```

No API key required for public access.

Python Client

A standalone Python client is included for direct API access:

```python
from scripts.veridano_client import get_cve_details, check_cisa_kev, search

# Get CVE details
cve = get_cve_details("CVE-2024-3400")
print(f"Severity: {cve['severity']} (CVSS {cve['cvss_score']})")

# Check if actively exploited
kev = check_cisa_kev("CVE-2024-3400")
if kev['in_kev']:
    print(f"⚠️ Actively exploited! Patch by {kev['due_date']}")

# Search for guidance
results = search("ransomware defense", top_k=5)
for doc in results['results']:
    print(f"- {doc['title']} [{doc['source']}]")
```

CLI usage:

```bash
python scripts/veridano_client.py cve CVE-2024-3400
python scripts/veridano_client.py kev CVE-2024-3400
python scripts/veridano_client.py search "zero trust architecture"
python scripts/veridano_client.py report CVE-2024-3400
```
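The skill's rule to always check both CVE details and KEV status, worked through as an added example (not code from the Veridano repository). It assumes the response dicts carry the keys used in the client snippet above (`severity`, `cvss_score`, `in_kev`, `due_date`) and that `due_date` is an ISO `YYYY-MM-DD` string; `validate_cve_id`, `triage` and `render` are hypothetical helper names, and the sample responses are constructed from the values in the skill's own response example.

```python
import re
from datetime import date

# CVE IDs have the form CVE-<4-digit year>-<4 or more digits>.
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

def validate_cve_id(raw):
    """Normalise and validate a CVE ID before it is sent to any remote API."""
    cve_id = raw.strip().upper()
    if not CVE_RE.fullmatch(cve_id):
        raise ValueError(f"not a CVE identifier: {raw!r}")
    return cve_id

def triage(cve_id, cve, kev, today):
    """Merge NVD details and KEV status into one finding.
    Key names are assumed from the client snippet; due_date is assumed ISO."""
    finding = {
        "cve_id": validate_cve_id(cve_id),
        "severity": cve.get("severity", "UNKNOWN"),
        "cvss_score": cve.get("cvss_score"),
        "actively_exploited": bool(kev.get("in_kev")),
        "due_date": None,
        "overdue": False,
    }
    if finding["actively_exploited"] and kev.get("due_date"):
        due = date.fromisoformat(kev["due_date"])
        finding["due_date"] = due
        finding["overdue"] = today > due  # the deadline day itself is still open
    return finding

def render(f):
    """Format a finding in the layout of the skill's response guidelines."""
    lines = [f"**{f['cve_id']}**",
             f"- Severity: {f['severity']} (CVSS {f['cvss_score']})"]
    if f["actively_exploited"]:
        lines.append("- Status: ACTIVELY EXPLOITED (CISA KEV)")
        if f["due_date"]:
            state = "OVERDUE" if f["overdue"] else "open"
            lines.append(f"- Deadline: {f['due_date'].isoformat()} ({state})")
    else:
        lines.append("- Status: not listed in CISA KEV")
    return "\n".join(lines)

# Constructed sample responses (not captured from the live API).
SAMPLE_CVE = {"severity": "CRITICAL", "cvss_score": 10.0}
SAMPLE_KEV = {"in_kev": True, "due_date": "2024-04-19"}

if __name__ == "__main__":
    print(render(triage("cve-2024-3400", SAMPLE_CVE, SAMPLE_KEV, date(2024, 4, 25))))
```
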

Requirements

  • Claude Code, Claude.com (Pro/Max/Team/Enterprise), or Claude API
  • Internet access to reach Veridano API

License

Apache 2.0

About Veridano

Veridano is an AI-native government cybersecurity intelligence platform. Learn more at veridano.com.

Support

  • Issues: GitHub Issues
  • Documentation: See reference.md and examples.md
