Does it support the latest CVSS standards?

Yes, it provides detailed logic and metric groups for CVSS v3.1, including Base, Temporal, and Environmental score calculations.

Can I use this for patch management workflows?

Absolutely. The skill includes predefined SLA targets based on severity and templates for remediation lifecycles from discovery through verification.

Does it help with external security researchers?

Yes, it provides best practices and workflows for implementing Vulnerability Disclosure Programs (VDP) and managing bug bounty submissions.

How does this skill help prioritize vulnerabilities?

It uses a multi-factor prioritization framework that weighs CVSS base scores alongside EPSS probability, CISA KEV status, asset criticality, and data sensitivity to identify the most urgent risks.

What tools does this skill interact with?

It is designed to work with filesystem tools for policy documentation and search tools like Perplexity to fetch real-time exploit intelligence and CVE details.

Vulnerability Management

Name: Vulnerability Management
Author: melodic-software

bymelodic-software

•

Security & Testing

Manages the end-to-end security vulnerability lifecycle from discovery and risk-based prioritization to remediation and disclosure.

This skill equips Claude with specialized expertise for managing security vulnerabilities within professional software environments. It provides structured guidance for interpreting CVSS v3.1 metrics, applying advanced risk-based prioritization using EPSS and KEV data, and establishing robust remediation workflows. By integrating asset criticality and exposure context, it helps teams move beyond simple severity scores to address the threats that pose the highest actual risk to their infrastructure and users.

Key Features

01Multi-factor risk prioritization using EPSS, KEV, and asset criticality

02CVE and CWE tracking with structured data interpretation

03CVSS v3.1 score calculation including temporal and environmental metrics

04Standardized remediation workflow design and SLA policy creation

0512 GitHub stars

06Vulnerability disclosure and bug bounty program implementation guidance

Use Cases

01Prioritizing security patches by combining CVSS scores with real-world exploit probability (EPSS)

02Calculating contextual risk scores for vulnerabilities discovered in specific production environments

03Designing a vulnerability management program for a new engineering organization

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add melodic-software/claude-code-plugins vulnerability-management

For use in Claude.ai and ChatGPT

Download Skill