Skip to content

SKILL.md

Latest commit

 

History

History
130 lines (110 loc) · 4.11 KB

SKILL.md

File metadata and controls

130 lines (110 loc) · 4.11 KB
name agent-bom-analyze
description Analyze blast radius, attack paths, and threat landscape across your AI infrastructure. Use when: "blast radius", "threat intel", "risk score", "attack path", "lateral movement", "context graph", "who can reach what".
version 0.75.12
license Apache-2.0
compatibility Requires Python 3.11+. Install via pipx or pip. No credentials required for blast radius and context graph analysis. Threat intelligence lookups query EPSS and CVE databases.
metadata
author homepage source pypi scorecard tests install openclaw
msaad00
6533
pipx pip docker
agent-bom
agent-bom
ghcr.io/msaad00/agent-bom:0.75.12
requires credential_policy optional_env optional_bins emoji homepage source license os data_flow file_reads file_writes network_endpoints telemetry persistence privilege_escalation always autonomous_invocation
bins env credentials
none
Zero credentials required. Blast radius and context graph analysis operate on local scan data. EPSS and CVE lookups send only public CVE IDs — no internal data.
💥
Apache-2.0
darwin
linux
windows
Blast radius and context graph analysis operate on local scan results in memory. Only public CVE IDs are sent to EPSS and vulnerability databases for threat intelligence enrichment. No internal config data, credentials, or scan results leave the machine.
url purpose auth
EPSS exploit probability scores for CVEs found in scan
false
url purpose auth
OSV vulnerability database — CVE detail lookup
false
false
false
false
false
restricted

agent-bom-analyze — Blast Radius & Attack Path Analysis

Analyzes blast radius, attack paths, and the threat landscape across your AI infrastructure. Maps lateral movement risks, identifies high-impact CVEs, and visualizes agent context graphs.

Install

pipx install agent-bom
agent-bom agents --verbose   # blast radius detail for each agent
agent-bom graph              # generate context graph

When to Use

  • "blast radius" / "what's the blast radius"
  • "threat intel" / "threat intelligence"
  • "risk score" / "risk scoring"
  • "attack path" / "attack paths"
  • "lateral movement"
  • "context graph" / "agent graph"
  • "who can reach what"

Commands

# Blast radius detail (verbose)
agent-bom agents --verbose

# Generate context graph
agent-bom graph

Tools

Tool Description
blast_radius Map CVE impact chain across agents, servers, and credentials
context_graph Agent context graph with lateral movement analysis
analytics_query Query vulnerability trends, posture history, and risk scores

Examples

# Map blast radius of a specific CVE
blast_radius(cve_id="CVE-2024-21538")

# Build full context graph
context_graph()

# Query top CVEs by blast radius impact
analytics_query(query="top_blast_radius", days=30)

Example blast radius output:

CVE-2024-21538 — CRITICAL (CVSS 9.8, EPSS 0.94)
Blast Radius: 4 agents affected

  filesystem   [direct]  langchain 0.1.0 → CVE-2024-21538
    └─ github  [indirect] shares filesystem credential scope
    └─ slack   [indirect] accessible via filesystem tool call
  postgres     [direct]  langchain 0.1.0 → CVE-2024-21538

Recommended: Update langchain to ≥ 0.1.17

Guardrails

  • Analysis is read-only — no files are modified.
  • Only public CVE IDs are sent externally (to EPSS and vulnerability databases).
  • No internal config data, credentials, or agent details leave the machine.
  • Present blast radius findings clearly and ask the user whether to generate a remediation plan when CRITICAL CVEs are found.