Performs vulnerability remediation on endpoints by prioritizing CVEs based on risk scoring, deploying patches, applying configuration changes, and validating fixes. Use when remediating findings from vulnerability scans, responding to critical CVE advisories, or maintaining endpoint compliance with patch management SLAs. Activates for requests involving vulnerability remediation, CVE patching, endpoint vulnerability management, or security fix deployment.
Works with
AI-first code editor with Composer
Before installing skills in Cursor, ensure your development environment meets these requirements:
node --versionperforming-endpoint-vulnerability-remediationExecute the skills CLI command in your project's root directory to begin installation:
Fetches performing-endpoint-vulnerability-remediation from mukul975/Anthropic-Cybersecurity-Skills and configures it for Cursor.
The CLI shows a list of agents. Use arrow keys and space to select Cursor:
Confirm successful installation by checking the skill directory location:
Restart Cursor to activate performing-endpoint-vulnerability-remediation. Access via /performing-endpoint-vulnerability-remediation in your agent's command palette.
We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.
Skills execute code in your environment. Always review source, verify the publisher, and test in isolation before production.
Submit your Claude Code skill and start earning
Automate repetitive workflows and reduce manual effort
Example
Generate reports, summarize documents, draft communications
Save 3-5 hours per week on routine tasks
Learn new skills, understand complex topics, get expert guidance
Example
Explain concepts, provide examples, suggest learning resources
Accelerate learning and skill development by 2x
Enhance output quality through reviews, suggestions, and refinements
Example
Review drafts, suggest improvements, catch errors
Improve work quality by 30-40% with less effort
0
total installs
0
this week
8.6K
GitHub stars
0
upvotes
Run in your terminal
0
installs
0
this week
8.6K
stars
| name | performing-endpoint-vulnerability-remediation |
| description | 'Performs vulnerability remediation on endpoints by prioritizing CVEs based on risk scoring, deploying patches, applying configuration changes, and validating fixes. Use when remediating findings from vulnerability scans, responding to critical CVE advisories, or maintaining endpoint compliance with patch management SLAs. Activates for requests involving vulnerability remediation, CVE patching, endpoint vulnerability management, or security fix deployment. ' |
| domain | cybersecurity |
| subdomain | endpoint-security |
| tags | - endpoint - vulnerability-management - patching - CVE - remediation - CVSS |
| version | 1.0.0 |
| author | mahipal |
| license | Apache-2.0 |
| nist_csf | - PR.PS-01 - PR.PS-02 - DE.CM-01 - PR.IR-01 |
Use this skill when:
Do not use this skill for vulnerability scanning itself (use scanning tools) or for application-layer vulnerability remediation (use DevSecOps processes).
Priority scoring combines:
1. CVSS Base Score (0-10)
2. EPSS (Exploit Prediction Scoring System) - probability of exploitation
3. CISA KEV (Known Exploited Vulnerabilities) catalog membership
4. Asset criticality (business impact of affected endpoint)
5. Network exposure (internet-facing vs. internal)
Priority Matrix:
P1 (Critical - 14 days SLA):
- CVSS >= 9.0 OR
- Listed in CISA KEV OR
- Active exploitation in the wild + CVSS >= 7.0
P2 (High - 30 days SLA):
- CVSS 7.0-8.9 AND
- EPSS > 0.5 (50% probability of exploitation)
P3 (Medium - 60 days SLA):
- CVSS 4.0-6.9 OR
- CVSS 7.0-8.9 with EPSS < 0.1
P4 (Low - 90 days SLA):
- CVSS < 4.0 AND
- No known exploit
For each vulnerability, determine the appropriate remediation:
Remediation Types:
1. Patch: Apply vendor security update (most common)
2. Configuration change: Modify settings to mitigate (registry, GPO)
3. Upgrade: Update to newer software version
4. Workaround: Apply temporary mitigation when patch unavailable
5. Compensating control: Network segmentation, WAF rule, EDR rule
6. Accept risk: Document accepted risk with CISO sign-off
# WSUS: Approve patches for deployment
# 1. Open WSUS Console
# 2. Navigate to Updates → Security Updates
# 3. Approve selected KBs for target computer groups
# SCCM: Create Software Update Group
# 1. Software Library → Software Updates → All Software Updates
# 2. Select required KBs → Create Software Update Group
# 3. Deploy to target collection with maintenance window
# Intune: Create Windows Update Ring
# Devices → Windows → Update rings
# Configure: Quality updates deferral = 0 days (for critical)
# Feature updates deferral = per policy
# PowerShell: Force Windows Update check
Install-Module PSWindowsUpdate -Force
Get-WindowsUpdate -KBArticleID "KB5034441" -Install -AcceptAll -AutoReboot
# Verify patch installation
Get-HotFix -Id "KB5034441"
systeminfo | findstr "KB5034441"
# Example: Disable SMBv1 (CVE-2017-0144 - EternalBlue)
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
# Example: Disable Print Spooler on non-print servers (CVE-2021-34527 - PrintNightmare)
Stop-Service -Name Spooler -Force
Set-Service -Name Spooler -StartupType Disabled
# Example: Disable LLMNR (credential theft mitigation)
# Via GPO: Computer Configuration → Admin Templates → Network → DNS Client
# Turn off multicast name resolution: Enabled
New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient" `
-Name EnableMulticast -Value 0 -PropertyType DWORD -Force
# Example: Restrict NTLM authentication
# Via GPO: Security Settings → Local Policies → Security Options
# Network security: Restrict NTLM: Audit/Deny
When vendor patch is not yet available:
1. Check vendor advisory for workarounds
- Microsoft: https://msrc.microsoft.com/update-guide
- Adobe: https://helpx.adobe.com/security.html
- Linux: Distribution security trackers
2. Apply temporary mitigations:
- Disable vulnerable feature/service
- Deploy EDR detection rule for exploitation attempt
- Apply network-level blocking (WAF/firewall rules)
- Restrict access to vulnerable application
3. Monitor for patch release:
- Subscribe to vendor security mailing list
- Monitor CISA KEV additions
- Set calendar reminder for next Patch Tuesday
4. Document workaround with expiration date
# Re-scan remediated endpoints to confirm vulnerability closure
# Option 1: Targeted vulnerability scan
nessuscli scan --target 192.168.1.0/24 --plugin-id 12345
# Option 2: PowerShell verification
# Check specific KB is installed
$kb = Get-HotFix -Id "KB5034441" -ErrorAction SilentlyContinue
if ($kb) {
Write-Host "PASS: KB5034441 installed on $(hostname)" -ForegroundColor Green
} else {
Write-Host "FAIL: KB5034441 missing on $(hostname)" -ForegroundColor Red
}
# Check service is disabled
$svc = Get-Service -Name Spooler
if ($svc.StartType -eq 'Disabled') {
Write-Host "PASS: Print Spooler disabled" -ForegroundColor Green
}
# Check registry configuration
$val = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" `
-Name SMB1 -ErrorAction SilentlyContinue
if ($val.SMB1 -eq 0) {
Write-Host "PASS: SMBv1 disabled" -ForegroundColor Green
}
Generate remediation status report:
Remediation Metrics:
- Total vulnerabilities: X
- Remediated: Y (Z%)
- Pending (within SLA): A
- Overdue (past SLA): B
- Accepted risk: C
- Mean time to remediate (MTTR): D days
- SLA compliance rate: E%
| Term | Definition |
|---|---|
| CVSS | Common Vulnerability Scoring System; 0-10 severity scale for vulnerabilities |
| EPSS | Exploit Prediction Scoring System; probability (0-1) that a CVE will be exploited in the wild within 30 days |
| CISA KEV | CISA Known Exploited Vulnerabilities catalog; federal mandate to patch these CVEs within specified timeframes |
| SLA | Service Level Agreement for remediation timelines based on vulnerability severity |
| MTTR | Mean Time To Remediate; average days from vulnerability discovery to confirmed fix |
| Compensating Control | Alternative security measure when direct remediation is not feasible |
Prerequisites
Time Estimate
15-45 minutes depending on use case complexity
Steps
Common Pitfalls
✓ Do
✗ Don't
💡 Pro Tips
✓ Use when
Use when skill capabilities match your task, clear ROI on time saved, and you can validate outputs. Best for repetitive tasks, learning, and quality improvement.
✗ Avoid when
Avoid when task requires deep expertise you can't validate, involves sensitive decisions, or when learning process is more valuable than speed of completion.
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
performing-endpoint-vulnerability-remediation is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
Keeps context tight: performing-endpoint-vulnerability-remediation is the kind of skill you can hand to a new teammate without a long onboarding doc.
Solid pick for teams standardizing on skills: performing-endpoint-vulnerability-remediation is focused, and the summary matches what you get after install.
Registry listing for performing-endpoint-vulnerability-remediation matched our evaluation — installs cleanly and behaves as described in the markdown.
performing-endpoint-vulnerability-remediation has been reliable in day-to-day use. Documentation quality is above average for community skills.
performing-endpoint-vulnerability-remediation reduced setup friction for our internal harness; good balance of opinion and flexibility.
I recommend performing-endpoint-vulnerability-remediation for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
performing-endpoint-vulnerability-remediation fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.
performing-endpoint-vulnerability-remediation fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.
We added performing-endpoint-vulnerability-remediation from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.
showing 1-10 of 47