lhassa8

veridano-cybersecurity-intelligence

# Install this skill:
npx skills add lhassa8/veridano-skill

Or install specific skill: npx add-skill https://github.com/lhassa8/veridano-skill


# SKILL.md


name: veridano-cybersecurity-intelligence
description: >
Real-time government cybersecurity intelligence from CISA, FBI, NIST, NSA, and 10+ agencies.
Use when discussing CVEs, vulnerabilities, threat actors, compliance, or security advisories.
Provides authoritative data via live API calls to NVD, CISA KEV, and 400+ indexed government documents.


Veridano Cybersecurity Intelligence

Veridano is a government cybersecurity intelligence platform that provides Claude with real-time access to authoritative security data from US, UK, and EU government agencies.

When to Use This Skill

Activate this skill when the user:
- Mentions a CVE identifier (e.g., CVE-2024-3400, CVE-2023-44487)
- Asks about active exploits or whether a vulnerability is being exploited in the wild
- Inquires about CISA Known Exploited Vulnerabilities (KEV) or BOD 22-01 compliance
- Requests threat intelligence on ransomware, APT groups, or nation-state actors
- Needs security guidance from government agencies (CISA advisories, FBI alerts, NIST frameworks)
- Asks about ICS/OT security or industrial control system vulnerabilities
- Discusses emergency directives or federal cybersecurity mandates

Available Tools

1. get_cve_details

Fetches real-time CVE information from NIST NVD API 2.0.

Returns:
- CVE description
- CVSS score and severity (CRITICAL/HIGH/MEDIUM/LOW)
- Published and last modified dates
- Reference URLs
- Affected products

Example:

{"name": "get_cve_details", "arguments": {"cve_id": "CVE-2024-3400"}}

2. check_cisa_kev

Checks if a CVE is in CISA's Known Exploited Vulnerabilities catalog.

Returns:
- Whether CVE is actively exploited
- Vendor and product affected
- Date added to KEV
- Required remediation deadline
- Whether used in ransomware campaigns

Example:

{"name": "check_cisa_kev", "arguments": {"cve_id": "CVE-2024-3400"}}

3. veridano_search

Semantic search across 400+ indexed government cybersecurity documents.

Returns:
- Relevant documents from CISA, FBI, NIST, NSA, DHS, etc.
- Document titles, sources, and publication dates
- Similarity scores for relevance ranking

Example:

{"name": "veridano_search", "arguments": {"query": "ransomware mitigation guidance", "top_k": 5}}

API Endpoint

POST https://7lqg8v66p1.execute-api.us-east-1.amazonaws.com/prod/mcp
Content-Type: application/json

Instructions

  1. Always check both CVE details AND KEV status when a user mentions a specific CVE
  2. Prominently flag actively exploited vulnerabilities - these require immediate attention per federal mandate
  3. Cite sources when presenting findings (e.g., "According to CISA advisory AA24-131A...")
  4. Use semantic search for broader threat intelligence queries
  5. Combine tools - for example, search for related advisories after checking a CVE

Response Guidelines

When presenting CVE information:

**CVE-2024-3400** (Palo Alto Networks PAN-OS)
- Severity: CRITICAL (CVSS 10.0)
- Status: ⚠️ ACTIVELY EXPLOITED (CISA KEV)
- Deadline: Patch by April 19, 2024
- Action: Apply vendor mitigations immediately

When presenting search results:

Found 5 relevant government documents:
1. "CISA Analysis of Ransomware Trends" (CISA, May 2024)
2. "Emergency Directive on Palo Alto Networks" (CISA, April 2024)
...

Data Sources

| Agency | Content | Update Frequency |
|---|---|---|
| NIST NVD | 200,000+ CVEs | Real-time |
| CISA KEV | Actively exploited CVEs | Real-time |
| CISA | Advisories, BODs, Emergency Directives | 4-6 hours |
| FBI | IC3 Private Industry Notifications | 12 hours |
| NSA | APT reports, cryptographic guidance | Weekly |
| USCYBERCOM | Threat intelligence | Weekly |
| NIST | SP 800 series, frameworks | 6 hours |

Limitations

  • Semantic search covers ~400 indexed documents (expanding)
  • Some historical advisories may not be indexed
  • Real-time APIs (NVD, KEV) are always current
  • Rate limits apply to API calls

Examples

Example 1: CVE Lookup

User: "What can you tell me about CVE-2024-3400?"

Response approach:
1. Call get_cve_details for CVE-2024-3400
2. Call check_cisa_kev for CVE-2024-3400
3. Present combined findings with severity, exploit status, and remediation guidance
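The lookup flow above as an added sketch, not code from the Veridano repository: it builds both tool calls in the JSON shape shown on this page, then validates the two results before formatting them per the Response Guidelines, since output from a remote endpoint is untrusted input. The result keys (`severity`, `cvss_score`, `in_kev`, `due_date`) are the ones the README's Python client reads; the function names, the "not listed" wording and the sample results are assumptions constructed for illustration.

```python
import json
import re

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
SEVERITIES = {"CRITICAL", "HIGH", "MEDIUM", "LOW"}

def tool_calls_for_cve(cve_id):
    """Return the get_cve_details and check_cisa_kev calls for one CVE."""
    cve_id = cve_id.strip().upper()
    # Reject anything that is not a plain CVE identifier before it is sent out.
    if not CVE_RE.fullmatch(cve_id):
        raise ValueError(f"not a CVE identifier: {cve_id!r}")
    return [{"name": name, "arguments": {"cve_id": cve_id}}
            for name in ("get_cve_details", "check_cisa_kev")]

def render_summary(cve_id, cve, kev):
    """Validate both tool results, then format them for presentation."""
    severity = str(cve.get("severity", "")).upper()
    if severity not in SEVERITIES:
        raise ValueError(f"unexpected severity: {severity!r}")
    score = float(cve["cvss_score"])
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    lines = [f"**{cve_id}**", f"- Severity: {severity} (CVSS {score:.1f})"]
    # Only an explicit boolean True counts as "in KEV"; truthy strings do not.
    if kev.get("in_kev") is True:
        lines.append("- Status: ⚠️ ACTIVELY EXPLOITED (CISA KEV)")
        lines.append(f"- Deadline: Patch by {kev.get('due_date', 'unknown')}")
    else:
        lines.append("- Status: Not listed in CISA KEV")
    return "\n".join(lines)

# Constructed sample results (not real API output).
SAMPLE_CVE = {"severity": "CRITICAL", "cvss_score": 10.0}
SAMPLE_KEV = {"in_kev": True, "due_date": "2024-04-19"}

if __name__ == "__main__":
    for call in tool_calls_for_cve("cve-2024-3400"):
        print(json.dumps(call))
    print(render_summary("CVE-2024-3400", SAMPLE_CVE, SAMPLE_KEV))
```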

Example 2: Threat Research

User: "What guidance does CISA have on defending against Chinese APT groups?"

Response approach:
1. Call veridano_search with query "Chinese state-sponsored cyber threat"
2. Present relevant advisories and guidance documents
3. Summarize key recommendations

Example 3: Compliance Check

User: "Are there any emergency directives affecting Cisco products?"

Response approach:
1. Call veridano_search with query "emergency directive Cisco"
2. List applicable directives with deadlines and requirements

# README.md

Veridano Cybersecurity Intelligence Skill

A Claude Skill that provides real-time access to government cybersecurity intelligence from CISA, FBI, NIST, NSA, and 10+ agencies.

Works with both Claude Code AND Claude.ai (chat)!

Quick Install

Claude.ai (Chat)

  1. Download: veridano-skill-claude-chat.zip
  2. Go to Claude.ai → Settings → Capabilities → Skills
  3. Click "Upload skill" and select the ZIP
  4. Done! Claude will auto-activate when you ask about CVEs or security topics

Claude Code

git clone https://github.com/lhassa8/veridano-skill ~/.claude/skills/veridano-cybersecurity-intelligence

What It Does

When you discuss cybersecurity topics with Claude, this skill enables:

  • Real-time CVE lookups from NIST NVD (200,000+ vulnerabilities)
  • CISA KEV status checks to identify actively exploited vulnerabilities
  • Semantic search across 400+ indexed government security documents

Installation

# Add the skill via plugin
/plugin add https://github.com/veridano/veridano-skill

# Or install to personal skills directory
git clone https://github.com/veridano/veridano-skill ~/.claude/skills/veridano-cybersecurity-intelligence

Option 2: Project Installation

Add to your project's .claude/skills/ directory:

cd your-project
mkdir -p .claude/skills
git clone https://github.com/veridano/veridano-skill .claude/skills/veridano-cybersecurity-intelligence

Option 3: Manual Installation

  1. Download/clone this repository
  2. Copy the folder to ~/.claude/skills/veridano-cybersecurity-intelligence/
  3. Restart Claude Code

Usage

Once installed, Claude automatically uses this skill when you ask about:

  • CVE vulnerabilities (e.g., "Tell me about CVE-2024-3400")
  • Active exploits (e.g., "Is this CVE being exploited?")
  • Threat intelligence (e.g., "What's CISA's guidance on ransomware?")
  • Security compliance (e.g., "Any emergency directives for Cisco?")

Example Queries

"What's the severity of CVE-2024-3400?"
→ Returns CVSS 10.0 CRITICAL with exploit status

"Is CVE-2023-44487 actively exploited?"
→ Checks CISA KEV catalog, returns exploitation details

"What does CISA recommend for defending against Chinese APT groups?"
→ Searches indexed advisories, returns relevant guidance

"Show me emergency directives affecting Microsoft products"
→ Returns matching directives with compliance deadlines

Available Tools

| Tool | Description |
|---|---|
| get_cve_details | Real-time CVE lookup from NIST NVD API 2.0 |
| check_cisa_kev | Check if CVE is in CISA Known Exploited Vulnerabilities |
| veridano_search | Semantic search across government security documents |

Data Sources

| Agency | Content | Update Frequency |
|---|---|---|
| NIST NVD | 200,000+ CVEs | Real-time |
| CISA | KEV, Advisories, BODs, Emergency Directives | Real-time / 4-6 hours |
| FBI | IC3 Private Industry Notifications | 12 hours |
| NSA | APT reports, cryptographic guidance | Weekly |
| USCYBERCOM | Threat intelligence | Weekly |
| DHS | Binding Operational Directives | Daily |
| Treasury/FinCEN | Financial cyber crime | Daily |
| NCSC (UK) | UK threat intelligence | Daily |
| ENISA (EU) | EU cybersecurity policy | Daily |

API Endpoint

The skill connects to:

https://7lqg8v66p1.execute-api.us-east-1.amazonaws.com/prod/mcp

No API key required for public access.

Python Client

A standalone Python client is included for direct API access:

from scripts.veridano_client import get_cve_details, check_cisa_kev, search

# Get CVE details
cve = get_cve_details("CVE-2024-3400")
print(f"Severity: {cve['severity']} (CVSS {cve['cvss_score']})")

# Check if actively exploited
kev = check_cisa_kev("CVE-2024-3400")
if kev['in_kev']:
    print(f"⚠️ Actively exploited! Patch by {kev['due_date']}")

# Search for guidance
results = search("ransomware defense", top_k=5)
for doc in results['results']:
    print(f"- {doc['title']} [{doc['source']}]")

CLI usage:

python scripts/veridano_client.py cve CVE-2024-3400
python scripts/veridano_client.py kev CVE-2024-3400
python scripts/veridano_client.py search "zero trust architecture"
python scripts/veridano_client.py report CVE-2024-3400

Requirements

  • Claude Code, Claude.com (Pro/Max/Team/Enterprise), or Claude API
  • Internet access to reach Veridano API

License

Apache 2.0

About Veridano

Veridano is an AI-native government cybersecurity intelligence platform. Learn more at veridano.com.

Support

  • Issues: GitHub Issues
  • Documentation: See reference.md and examples.md
