Vulnetix Vulnerability Dashboard

This skill reads .vulnetix/memory.yaml and displays a comprehensive vulnerability status report. It is read-only and does not modify any files.

Workflow

Step 1: Load Memory

• Use Glob to check if .vulnetix/memory.yaml exists in the repo root
• If it does not exist, display: "No vulnerability data found. Run /vulnetix:vuln <package> or /vulnetix:exploits-search to start tracking." and stop.
• Use Read to load the full contents of .vulnetix/memory.yaml

Step 2: Parse and Categorize

From the vulnerabilities: section, categorize each entry:

Open (unresolved):

• status: affected -- "Vulnerable"


• status: under_investigation -- "Investigating"

• status: fixed -- "Fixed"


• status: not_affected -- "Not affected"


• Entries with decision.choice: risk-accepted -- "Risk accepted"


• Entries with decision.choice: deferred -- "Deferred"

Step 3: Display Summary Header

Vulnetix Security Dashboard
============================
Open: <N> (<X> vulnerable, <Y> investigating)
Resolved: <N> (<X> fixed, <Y> not affected, <Z> risk-accepted, <W> deferred)
Manifests tracked: <N> (last scan: <timestamp>)

If there are zero vulnerabilities and zero manifests, display: "Clean slate -- no vulnerabilities tracked yet."

Step 4: Open Vulnerabilities Table

If there are open vulnerabilities, display them sorted by CWSS priority (P1 first), then by severity:

Open Vulnerabilities
--------------------
| ID | Package | Severity | Status | Priority | Decision |
|----|---------|----------|--------|----------|----------|
| CVE-2021-44228 | log4j-core | critical | Vulnerable | P1 (87.5) | investigating |
| GHSA-xxxx-yyyy | express | high | Investigating | P2 (62.0) | investigating |

For each column:

• ID: Primary vulnerability key


• Package: package field


• Severity: severity field


• Status: Developer-friendly status (see VEX mapping above)


• Priority: cwss.priority and cwss.score if available, otherwise "--"


• Decision: decision.choice if available, otherwise "--"

Step 5: Resolved Vulnerabilities Table

If there are resolved vulnerabilities, display them:

Resolved Vulnerabilities
------------------------
| ID | Package | Severity | Resolution | Decision | Date |
|----|---------|----------|------------|----------|------|
| CVE-2023-1234 | lodash | high | Fixed | fix-applied | 2024-01-15 |

For the Date column, use the most recent history entry timestamp, or discovery.date as fallback.

Step 6: Manifest Tracking

If manifests are tracked, display:

Tracked Manifests
-----------------
| Manifest | Ecosystem | Last Scanned | Vulns Found |
|----------|-----------|--------------|-------------|
| package.json | npm | 2024-01-15T10:30:00Z | 3 |
| go.mod | go | 2024-01-15T10:31:00Z | 0 |

Step 7: Suggested Actions

For each open vulnerability (up to 5), suggest a next action based on its state:

• Has no threat_model or cwss: "/vulnetix:exploits <id>" -- get exploit analysis and priority scoring
• Has cwss but no fix applied: "/vulnetix:fix <id>" -- get fix intelligence
• General: "/vulnetix:remediation <id>" -- get a full remediation plan

Always end with: "Use /vulnetix:vuln <id> for detailed info on any vulnerability."