{"id":49786086,"url":"https://github.com/blamejs/exceptd-skills","last_synced_at":"2026-05-30T01:04:27.714Z","repository":{"id":357179645,"uuid":"1235753214","full_name":"blamejs/exceptd-skills","owner":"blamejs","description":"AI security skills grounded in mid-2026 threat reality, not stale framework documentation","archived":false,"fork":false,"pushed_at":"2026-05-27T04:41:01.000Z","size":8779,"stargazers_count":0,"open_issues_count":2,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-27T05:28:05.660Z","etag":null,"topics":["agents-md","ai-security","ai-skills","cisa-kev","claude-code","codex","compliance","cve","d3fend","dora","eu-ai-act","iso-27001","mitre-atlas","nis2","nist","rwep","security","threat-intelligence"],"latest_commit_sha":null,"homepage":"https://exceptd.com","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/blamejs.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":"NOTICE","maintainers":"MAINTAINERS.md","copyright":null,"agents":"AGENTS.md","dco":null,"cla":null},"funding":{"github":["dotCooCoo"],"ko_fi":"dotcoocoo"}},"created_at":"2026-05-11T16:11:10.000Z","updated_at":"2026-05-27T04:38:21.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/blamejs/exceptd-skills","commit_stats":null,"previous_names":["blamejs/exceptd-skills"],"tags_count":197,"template":false,"template_full_name":null,"purl":"pkg:github/blamejs/exceptd-skills","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blamejs%2Fexceptd-skills","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blamejs%2Fexceptd-skills/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blamejs%2Fexceptd-skills/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blamejs%2Fexceptd-skills/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/blamejs","download_url":"https://codeload.github.com/blamejs/exceptd-skills/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blamejs%2Fexceptd-skills/sbom","scorecard":{"id":1247292,"data":{"date":"2026-05-11T17:42:04Z","repo":{"name":"github.com/blamejs/exceptd-skills","commit":"a090b118be7e9961c52816846e3845ab55c0e83f"},"scorecard":{"version":"v5.3.0","commit":"c22063e786c11f9dd714d777a687ff7c4599b600"},"score":6.1,"checks":[{"name":"Maintained","score":0,"reason":"project was created within the last 90 days. Please review its contents carefully","details":["Warn: Repository was created within the last 90 days."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#packaging"}},{"name":"Code-Review","score":0,"reason":"Found 0/8 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#code-review"}},{"name":"CI-Tests","score":-1,"reason":"no pull request found","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#ci-tests"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: .github/dependabot.yml:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#dependency-update-tool"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/ci.yml:224","Info: jobLevel 'contents' permission set to 'read': .github/workflows/scorecard.yml:19","Info: jobLevel 'actions' permission set to 'read': .github/workflows/scorecard.yml:20","Info: jobLevel 'contents' permission set to 'read': .github/workflows/scorecard.yml:64","Info: topLevel 'contents' permission set to 'read': .github/workflows/atlas-currency.yml:10","Info: topLevel 'contents' permission set to 'read': .github/workflows/ci.yml:27","Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:10","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#binary-artifacts"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#sast"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#security-policy"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#vulnerabilities"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#cii-best-practices"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#signed-releases"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#license"}},{"name":"Contributors","score":0,"reason":"project has 0 contributing companies or organizations -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#contributors"}},{"name":"Pinned-Dependencies","score":4,"reason":"dependency not pinned by hash detected -- score normalized to 4","details":["Warn: containerImage not pinned by hash: docker/test.Dockerfile:34","Warn: containerImage not pinned by hash: docker/test.Dockerfile:58","Warn: containerImage not pinned by hash: docker/test.Dockerfile:66","Warn: npmCommand not pinned by hash: docker/test.Dockerfile:44","Warn: npmCommand not pinned by hash: .github/workflows/atlas-currency.yml:32","Info: 17 out of 17 GitHub-owned GitHubAction dependencies pinned","Info: 1 out of 1 third-party GitHubAction dependencies pinned","Info: 0 out of 3 containerImage dependencies pinned","Info: 0 out of 2 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#pinned-dependencies"}},{"name":"Branch-Protection","score":8,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Warn: required approving review count is 1 on branch 'main'","Info: codeowner review is required on branch 'main'","Info: status check found to merge onto on branch 'main'","Info: PRs are required in order to make changes on branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#branch-protection"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#fuzzing"}}]},"last_synced_at":"2026-05-11T18:42:33.098Z","repository_id":357179645,"created_at":"2026-05-11T18:42:33.098Z","updated_at":"2026-05-11T18:42:33.098Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33573300,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-05-27T02:00:06.184Z","response_time":53,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agents-md","ai-security","ai-skills","cisa-kev","claude-code","codex","compliance","cve","d3fend","dora","eu-ai-act","iso-27001","mitre-atlas","nis2","nist","rwep","security","threat-intelligence"],"created_at":"2026-05-12T01:08:34.933Z","updated_at":"2026-05-30T01:04:27.707Z","avatar_url":"https://github.com/blamejs.png","language":"JavaScript","funding_links":["https://github.com/sponsors/dotCooCoo","https://ko-fi.com/dotcoocoo"],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\n\u003cpicture\u003e\n \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"public/img/logo/exceptd-logo-dark.svg\"\u003e\n \u003cimg src=\"public/img/logo/exceptd-logo-primary.svg\" alt=\"exceptd\" width=\"220\" /\u003e\n\u003c/picture\u003e\n\n# exceptd Security\n\n**AI security skills grounded in mid-2026 threat reality, not framework documentation from 2020.**\n\n[![release](https://img.shields.io/github/v/release/blamejs/exceptd-skills?include_prereleases\u0026sort=semver\u0026label=release)](https://github.com/blamejs/exceptd-skills/releases)\n[![npm](https://img.shields.io/npm/v/@blamejs/exceptd-skills.svg?label=npm)](https://www.npmjs.com/package/@blamejs/exceptd-skills)\n[![CI](https://img.shields.io/github/actions/workflow/status/blamejs/exceptd-skills/ci.yml?branch=main\u0026label=CI)](https://github.com/blamejs/exceptd-skills/actions/workflows/ci.yml)\n[![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/blamejs/exceptd-skills/badge)](https://scorecard.dev/viewer/?uri=github.com/blamejs/exceptd-skills)\n[![License: Apache 2.0](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://www.apache.org/licenses/LICENSE-2.0)\n[![Skills](https://img.shields.io/badge/skills-42-d946ef)](#skill-inventory)\n[![ATLAS](https://img.shields.io/badge/MITRE%20ATLAS-v5.6.0-d946ef)](https://atlas.mitre.org)\n[![ATT\u0026CK](https://img.shields.io/badge/MITRE%20ATT%26CK-v19.0-d946ef)](https://attack.mitre.org)\n[![Ed25519-signed](https://img.shields.io/badge/skills-Ed25519--signed-2ea043)](AGENTS.md)\n[![Jurisdictions](https://img.shields.io/badge/jurisdictions-35-blue)](data/global-frameworks.json)\n\n\u003c/div\u003e\n\n---\n\n**Core premise:** Every major security and compliance tool on the market is still operating on stale threat models. NIST 800-53, ISO 27001, SOC 2, and PCI-DSS were written for network-centric, on-prem or early-cloud environments. They have no controls for AI pipeline integrity, MCP/agent tool trust boundaries, LLM prompt injection as an access control failure, page-cache exploitation bypassing filesystem integrity checks, or ephemeral infrastructure where traditional asset inventory is architecturally impossible.\n\nThis platform surfaces what is actually happening right now. Every skill explicitly flags where a compliance framework's control is insufficient for current attack patterns. The framework is often the problem, not the org.\n\n## Status\n\nPre-1.0. Latest release lives on [GitHub Releases](https://github.com/blamejs/exceptd-skills/releases) and on npm as [`@blamejs/exceptd-skills`](https://www.npmjs.com/package/@blamejs/exceptd-skills) with signed npm provenance attestation and Ed25519-signed skill bodies. The package ships 42 skills across kernel LPE, MCP supply chain, AI-as-C2, prompt injection, post-quantum crypto, SBOM integrity, identity-incident response, and 35 other AI/security domains, plus 11 intelligence catalogs (CVE / ATLAS / ATT\u0026CK / CWE / D3FEND / DLP / RFC / framework gaps / global frameworks / zero-day lessons / exploit availability) covering 35 jurisdictions — the CVE catalog has grown past 400 entries, its size anchored by a v0.13.17 CISA KEV bulk-intake of `dateAdded \u003e= 2024-01-01` actively-exploited vulnerabilities that took it from 68 to 312 in a single pass. 24 investigation playbooks (kernel, MCP, AI-API, framework, SBOM, runtime, hardening, secrets, cred-stores, containers, crypto, plus `webhook-callback-abuse`, `cicd-pipeline-compromise`, `identity-sso-compromise`, `llm-tool-use-exfil`, `post-quantum-migration`, `ai-discovered-cve-triage`, `supply-chain-recovery`, `citation-hygiene`, and more), a CLI for discovery and seven-phase investigation runs (`govern → direct → look → detect → analyze → validate → close`), and a nightly auto-refresh job that pulls KEV / NVD / EPSS / GHSA / OSV / IETF deltas plus 15 primary-source advisory + research-blog + tech-press feeds (Qualys TRU, Red Hat RHSA, Ubuntu USN, ZDI, kernel.org, oss-security, JFrog, CISA, Microsoft Security Blog, Sysdig, Trail of Bits, Embrace the Red, BleepingComputer security, The Hacker News, and a GitLab activity-feed tracker for the Nightmare-Eclipse researcher handle that anchors NEW-CTRL-073) into auto-PRs for editorial review. v0.13.17 also ships `lib/cve-regression-watcher.js` (NEW-CTRL-074) — a complementary detection method that surfaces poller-diff historical-CVE references as candidate silent-regression cases, the class anchored by MiniPlasma (a 2026 PoC drop that re-broke CVE-2020-17103 without any new ID being assigned).\n\n---\n\n## Skill Inventory\n\n### Triage \u0026 Dispatch\n\n**[researcher](skills/researcher/skill.md)**\nFront-door triage skill for raw threat intel. Takes a CVE ID, ATLAS TTP, vendor advisory, framework control ID, or incident narrative; cross-joins it across `data/cve-catalog.json`, `data/atlas-ttps.json`, `data/framework-control-gaps.json`, `data/zeroday-lessons.json`, `data/exploit-availability.json`, and `data/global-frameworks.json`; produces a one-page RWEP-anchored dispatch report; routes the operator to the right specialized skill(s). Start here when the input is \"here's a thing, tell me what to do with it\".\n\n### Kernel \u0026 Privilege Escalation\n\n**[kernel-lpe-triage](skills/kernel-lpe-triage/skill.md)**\nAssess Linux kernel local privilege escalation exposure. Covers Copy Fail (CVE-2026-31431, CISA KEV, 732-byte deterministic root, all Linux since 2017), Dirty Frag (CVE-2026-43284/CVE-2026-43500, page-cache chain via ESP/IPsec and RxRPC). Outputs: exposure score, live-patch vs. reboot remediation path, compensating controls, framework gap declaration.\n\n### AI-Specific Attack Surface\n\n**[ai-attack-surface](skills/ai-attack-surface/skill.md)**\nComprehensive AI/ML attack surface assessment mapped to MITRE ATLAS v5.6.0 with explicit gap flags. Covers prompt injection as enterprise RCE (CVE-2025-53773 CVSS 7.8, 85%+ bypass rate against SOTA defenses), MCP supply chain RCE (CVE-2026-30615, zero user interaction, 150M+ downloads), RAG exfiltration, model poisoning, AI-assisted exploit development (41% of 2025 zero-days), credential theft acceleration (160% increase).\n\n**[mcp-agent-trust](skills/mcp-agent-trust/skill.md)**\nEnumerate MCP (Model Context Protocol) trust boundary failures. Covers tool allowlisting gaps, unsigned server manifests, prompt injection via tool responses, supply chain compromise. CVE-2026-30615 (Windsurf, zero-interaction RCE). Generates: tool allowlist policy, server signing requirements, bearer auth config, output sanitization requirements.\n\n**[rag-pipeline-security](skills/rag-pipeline-security/skill.md)**\nRAG-specific threat model with no current framework coverage. Embedding manipulation for data exfiltration, vector store poisoning, chunking attacks, retrieval filter bypass, indirect prompt injection via retrieved documents. ATLAS-mapped. Generates: retrieval audit controls, anomaly detection requirements, output monitoring policy.\n\n**[ai-c2-detection](skills/ai-c2-detection/skill.md)**\nDetect adversary use of AI APIs as covert command-and-control (SesameOp case study, ATLAS AML.T0096). PROMPTFLUX/PROMPTSTEAL malware families that query LLMs during execution for real-time evasion. Outputs: behavioral baseline model, detection signatures, network monitoring rules, incident response playbook.\n\n### Framework \u0026 Compliance\n\n**[framework-gap-analysis](skills/framework-gap-analysis/skill.md)**\nFeed a compliance framework control ID and a threat scenario — receive: what the control was designed for, why it is insufficient against current TTPs, which attacker technique exploits the gap, what a real control would require. Built-in gap mappings for NIST 800-53, ISO 27001:2022, SOC 2, PCI-DSS 4.0, NIS2, DORA, CIS v8.\n\n**[compliance-theater](skills/compliance-theater/skill.md)**\nIdentify where an organization passes an audit but remains exposed. Seven documented compliance theater patterns with specific detection tests. Outputs: theater score per control domain, exposure summary, auditor-facing remediation language, evidence gap list.\n\n**[global-grc](skills/global-grc/skill.md)**\nMulti-jurisdiction GRC mapping. Covers EU (GDPR Art. 32, NIS2, DORA, EU AI Act, EU CRA), UK (Cyber Essentials Plus, NCSC CAF), Australia (ISM, ASD Essential 8, APRA CPS 234), Singapore (MAS TRM, CSA CCoP), Japan (METI, NISC), India (CERT-In, SEBI), Canada (OSFI B-10), and global (ISO 27001:2022, CSA CCM v4, CIS Controls v8). Identifies universal gaps that no jurisdiction's framework covers.\n\n**[policy-exception-gen](skills/policy-exception-gen/skill.md)**\nGenerate defensible policy exceptions for architectural realities frameworks don't accommodate. Templates for: ephemeral/serverless infrastructure (no traditional asset inventory), AI pipelines (continuous opaque model updates), zero trust architecture (no network perimeter), live-system no-reboot patching. Each exception includes compensating controls, risk acceptance language, and auditor-ready justification.\n\n### Risk Intelligence\n\n**[exploit-scoring](skills/exploit-scoring/skill.md)**\nReal-World Exploit Priority (RWEP) scoring beyond CVSS. Factors: CISA KEV status (0.25), public PoC (0.20), AI-assisted weaponization (0.15), active exploitation (0.20), patch availability (-0.15), live-patch availability (-0.10), blast radius (0.15). Pre-calculated RWEP scores for all CVEs in `data/cve-catalog.json`. Outputs RWEP alongside CVSS with plain-language priority guidance.\n\n**[threat-model-currency](skills/threat-model-currency/skill.md)**\nScore how current an organization's threat model is against 2026 threat reality. Checklist of 14 current threat classes against documented model coverage. Outputs: currency percentage, specific missing threat classes, recommended additions with ATLAS/ATT\u0026CK references, prioritized update roadmap.\n\n**[zeroday-gap-learn](skills/zeroday-gap-learn/skill.md)**\nRun the zero-day learning loop: zero-day description → attack vector extraction → control gap identification → framework coverage assessment → new control requirement generation → exposure scoring. Encodes lessons from Copy Fail, Dirty Frag, CVE-2025-53773, CVE-2026-30615, SesameOp. Feeds back into framework-gap-analysis and threat-model-currency.\n\n### Identity, OT, Disclosure \u0026 Threat Modeling\n\n**[identity-assurance](skills/identity-assurance/skill.md)**\nIdentity assurance for mid-2026. NIST 800-63 AAL/IAL/FAL levels, FIDO2/WebAuthn passkey deployment, OIDC/SAML/SCIM federation, agent-as-principal identity for autonomous AI workloads, short-lived workload token issuance, OAuth 2.0 + RFC 9700 (OAuth 2.0 Security BCP) hardening. Outputs: assurance-level gap map, passkey rollout plan, agent identity policy, token-lifetime targets.\n\n**[ot-ics-security](skills/ot-ics-security/skill.md)**\nOT / ICS security for mid-2026. NIST 800-82r3, IEC 62443-3-3, NERC CIP, IT/OT convergence risks (flat networks, shared AD, jump-host weaknesses), AI-augmented HMI threats, and ATT\u0026CK for ICS mappings. Outputs: zone/conduit gap map, safety-instrumented-system isolation review, OT-specific patching exception templates.\n\n**[coordinated-vuln-disclosure](skills/coordinated-vuln-disclosure/skill.md)**\nCoordinated Vulnerability Disclosure for mid-2026. ISO 29147 (disclosure) + ISO 30111 (handling), VDP and bug bounty design, CSAF 2.0 machine-readable advisories, security.txt (RFC 9116), EU CRA / NIS2 regulator-mandated disclosure timelines, AI-specific vulnerability classes (prompt injection, training data poisoning, model exfiltration). Outputs: VDP policy, advisory template, regulator notification calendar.\n\n**[threat-modeling-methodology](skills/threat-modeling-methodology/skill.md)**\nMethodology selection and execution across STRIDE, PASTA, LINDDUN (privacy), Cyber Kill Chain, Diamond Model, MITRE Unified Kill Chain, AI-system threat modeling, and agent-based threat modeling. Outputs: methodology choice with justification, scoped DFD or attack tree, threat-to-control crosswalk against ATLAS / ATT\u0026CK / D3FEND.\n\n---\n\n## Install\n\nThree audience paths. Pick the one that matches how you'll use this.\n\n### 1. AI consumer (read-only — most users)\n\nYou want an AI assistant to load the skills + catalogs against a question of yours. Easiest path:\n\n```bash\nnpx @blamejs/exceptd-skills path\n```\n\nThat prints the absolute path of the installed package. Point your AI assistant at:\n\n- `\u003cpath\u003e/AGENTS.md` — canonical project rules + ground truth for every skill\n- `\u003cpath\u003e/data/_indexes/summary-cards.json` — 100-word abstract per skill (~95 KB)\n- `\u003cpath\u003e/data/_indexes/recipes.json` — curated multi-skill chains for common use cases\n\nNo clone, no signing keys, no Node 24 required for assistants that read directly from disk. If your assistant needs a local copy as a regular checkout, use `npx degit blamejs/exceptd-skills my-skills` instead.\n\n### 2. Operator (run commands locally)\n\nYou want to refresh CVE/RFC data, run currency checks, or generate reports. Install + invoke via `npx` (no global install needed):\n\n```bash\nnpx @blamejs/exceptd-skills doctor # health check\nnpx @blamejs/exceptd-skills refresh --apply --swarm # pull KEV/NVD/EPSS/RFC/GHSA + apply\nnpx @blamejs/exceptd-skills refresh --advisory CVE-2026-45321 # seed one CVE draft from GHSA\nnpx @blamejs/exceptd-skills refresh --advisory MAL-2026-3083 # seed via OSV (MAL-/SNYK-/RUSTSEC-/USN-/PYSEC-/GO-/MGASA-/UVI-)\nnpx @blamejs/exceptd-skills refresh --curate CVE-2026-45321 # surface editorial questions for a draft\nnpx @blamejs/exceptd-skills refresh --network # swap data/ from latest signed npm tarball\n```\n\nFor frequent use, install globally to skip the `npx` resolution every time:\n\n```bash\nnpm install -g @blamejs/exceptd-skills\nexceptd help\n```\n\nFirst run — verify the signing chain and pin the public-key fingerprint for out-of-band checks:\n\n```bash\nexceptd doctor --signatures # verify Ed25519 chains (42/42 expected)\ncat $(exceptd path)/keys/EXPECTED_FINGERPRINT # pin fingerprint for OOB verify\n```\n\nVerify on npm: `npm view @blamejs/exceptd-skills@\u003cversion\u003e dist.signatures` shows the SLSA v1 provenance attestation.\n\nAir-gapped operation: run `exceptd refresh --prefetch` on a connected host, copy the resulting `.cache/upstream/` to the airgap, run `exceptd refresh --from-cache \u003cpath\u003e --apply` over there. The vendored upstream snapshots replace every network call.\n\nFresh-disclosure workflow (v0.12.0): the nightly auto-PR job pulls KEV / NVD / EPSS / IETF / **GHSA** (added in v0.12.0) / **OSV** (added in v0.12.10). KEV typically takes days; NVD ~10 days; GHSA fires within hours of disclosure and covers npm + PyPI + Maven + Go + NuGet + …; OSV aggregates the OSSF Malicious Packages dataset (`MAL-*` keys) + Snyk + RustSec + Mageia + Ubuntu USN + Go Vuln DB + PYSEC + UVI on top of GHSA — useful for malicious-package compromises that don't have CVEs yet (`exceptd refresh --advisory MAL-2026-3083`). New IDs land as drafts (`_auto_imported: true`, `_draft: true`) that the catalog validator treats as warnings, not errors — operators get the fresh entry immediately, editorial review (framework gaps, IoCs, ATLAS/ATT\u0026CK refs) follows via `exceptd refresh --curate \u003cID\u003e`. For \"I want this advisory today, not tomorrow\": `exceptd refresh --advisory \u003cCVE-or-GHSA-or-MAL-or-SNYK-or-RUSTSEC-ID\u003e --apply`.\n\nPrimary-source advisory polling: `exceptd refresh --check-advisories` polls 15 vendor and coordinated-disclosure feeds — 8 advisory/coordinated-disclosure venues (Qualys TRU, Red Hat RHSA, Ubuntu USN, Zero Day Initiative, kernel.org commits, oss-security mailing list, JFrog SecOps, CISA current advisories), 4 vendor security research blogs added in v0.13.14 (Microsoft Security Blog, Sysdig, Trail of Bits, Embrace the Red), and 3 additions in v0.13.17 (BleepingComputer security, The Hacker News, and a GitLab activity-feed tracker for the Nightmare-Eclipse researcher handle that anchors NEW-CTRL-073). Combined coverage publishes CVE IDs at T+0 to T+1 — typically 3–14 days ahead of NVD enrichment. The command is report-only: it returns a structured `diffs[]` listing each newly-seen CVE ID with its source attributions and advisory URLs, but does not mutate the catalog. v0.13.17 also adds a complementary detection method (NEW-CTRL-074 / `lib/cve-regression-watcher.js`): the watcher cross-checks poller diffs for historical-CVE references (year ≤ currentYear − 2) and surfaces candidate silent-regression cases — the class anchored by MiniPlasma (a 2026 PoC drop that re-broke CVE-2020-17103 without any new ID being assigned). Operators triage the output and route promising IDs through `exceptd refresh --advisory \u003cCVE-ID\u003e --apply`. Pairs naturally with the daily scheduled remote agent below.\n\nCVE-class alert surfacing: `exceptd watchlist --alerts` matches the live `cve-catalog.json` against five operational patterns (`kernel_lpe_with_poc`, `supply_chain_family`, `ai_discovered_kev`, `active_exploitation_unpatched`, `recent_poc_no_kev_yet`) and returns the matches sorted critical-severity-first, then by RWEP. Use as a fast operational triage on a refreshed catalog without scanning every entry by hand.\n\nGitHub repo-pattern monitoring: `exceptd watchlist --org-scan --org \u003clogin\u003e` probes GitHub Search for repositories matching known threat-actor naming patterns (\"A Gift From TeamPCP\", \"Shai-Hulud\", \"TeamPCP\") scoped to one org. Custom patterns via repeatable `--pattern \u003cs\u003e`. Implements the canonical detection for the Shai-Hulud / TeamPCP supply-chain framework class — the attacker uses GitHub itself as the exfil channel. Set `GITHUB_TOKEN` for private-repo coverage and rate-limit headroom; public-repo search works without auth.\n\nAI-assistant config-file audit: `exceptd doctor --ai-config` walks `~/.claude`, `~/.cursor`, `~/.codeium`, `~/.aider`, and `~/.continue`, flagging sensitive files (`settings.json`, `mcp.json`, `*.mcp_config.json`, `api_key*`, `*.token`, `*.credentials`) not at mode 0600 on POSIX. On Windows the mode bits aren't load-bearing; each finding is surfaced with an info-level \"manual ACL review\" note. Catches the AI-config-credential-exfil class that the Shai-Hulud framework targets. Opt-in — does not run as part of the default no-flag `doctor` pass.\n\nEvidence-collection layer: `exceptd collect \u003cplaybook\u003e` invokes a companion script under `lib/collectors/\u003cplaybook\u003e.js` that walks cwd, applies the catalogued regex set, stats permissions, and emits the submission JSON in the same shape `exceptd run --evidence -` accepts. 14 of 24 playbooks have collectors today (`ai-api`, `cicd-pipeline-compromise`, `citation-hygiene`, `containers`, `cred-stores`, `crypto`, `crypto-codebase`, `hardening`, `kernel`, `library-author`, `mcp`, `runtime`, `sbom`, `secrets`); the remaining 10 are policy-skipped per AGENTS.md (judgement-shaped incident / governance / pure-analyze playbooks where AI-driven evidence collection is the design). Canonical operator pipe: `exceptd collect \u003cpb\u003e | exceptd run \u003cpb\u003e --evidence -`. `exceptd doctor --collectors` enumerates the layer; `exceptd discover` tags applicable playbooks with `[collector]` when one ships. `cicd-pipeline-compromise` requires `--attest-ownership` on the collect call (the playbook's `operator-owns-ci-fleet` precondition is opt-in to prevent unauthorized CI assessments).\n\nDaily scheduled threat intake: a `routine: exceptd-threat-intake` (claude.ai remote agent) runs daily at 14:00 UTC. Sequence: `npm install` → `refresh --check-advisories` → `watchlist --alerts` → `refresh --apply` → `refresh --advisory \u003cCVE-ID\u003e` for up to 5 new CVE IDs from the primary-source feeds → re-sign + rebuild-indexes if the catalog mutated → commit on `intake/\u003cYYYY-MM-DD\u003e` branch with the full diff in the report. Closes the cadence gap that previously left fresh disclosures dependent on operator-triggered intake. Operator-managed at \u003chttps://claude.ai/code/routines\u003e.\n\nOptional env vars for higher rate budgets:\n\n| Variable | Purpose |\n|---|---|\n| `NVD_API_KEY` | Lifts NVD 2.0 from 5 → 50 requests per 30s window. Free key at \u003chttps://nvd.nist.gov/developers/request-an-api-key\u003e. |\n| `GITHUB_TOKEN` | Lifts GitHub Releases + GHSA from 60 → 5000 requests per hour. |\n| `EXCEPTD_GHSA_FIXTURE` | Path to a JSON fixture matching the api.github.com/advisories shape. For offline tests + air-gap workflows. |\n| `EXCEPTD_OSV_FIXTURE` | Path to a JSON fixture matching the OSV schema (https://ossf.github.io/osv-schema/). For offline tests + air-gap workflows against the OSV source (added v0.12.10). |\n| `EXCEPTD_REGISTRY_FIXTURE` | Path to a JSON fixture matching the npm registry response. Used by `doctor --registry-check` + `run --upstream-check` + `refresh --network` for offline testing. |\n\n### 3. Maintainer (extend / sign / publish)\n\nYou're adding a skill, updating a catalog, or cutting a release. Clone + bootstrap the full toolchain:\n\n```bash\ngit clone https://github.com/blamejs/exceptd-skills\ncd exceptd-skills\nnpm run bootstrap # auto-detects: verify-only / re-sign / first-init\nnpm run predeploy # full predeploy gate sequence locally\n```\n\n`bootstrap` auto-detects the right mode based on which keys exist on disk:\n\n- **Verify-only** (default on a fresh clone): `keys/public.pem` ships in the repo, no `.keys/private.pem` locally. Checks that every skill verifies against the shipped signature, exits.\n- **Re-sign**: `.keys/private.pem` exists locally. Re-signs every skill against current content, verifies.\n- **First-init**: no `keys/public.pem` shipped or `--init` passed. Generates a new Ed25519 keypair, signs everything.\n\nDirect invocations also available: `npm run verify`, `node lib/sign.js sign-all`.\n\n## CLI command reference\n\nEvery command works the same via `npx @blamejs/exceptd-skills`, a global install (`exceptd`), or a local `node bin/exceptd.js`.\n\n### v0.11.0 canonical verbs\n\n```\nexceptd First-run welcome — two ways to start\n (discover / ask) plus common starting\n playbooks for code / Linux / service contexts.\n\nexceptd discover Scan cwd → recommend playbooks based on\n detected files (.git, package.json,\n Dockerfile, requirements.txt, etc) + host\n platform. Replaces scan + dispatch.\n --scan-only Also include legacy host scan findings.\n --json | --pretty Machine output (default is human checklist).\n\nexceptd brief [playbook] Unified info doc — jurisdictions + threat\n context + RWEP thresholds + preconditions\n + artifacts + indicators. Replaces plan +\n govern + direct + look.\n --all Every playbook (replaces `plan`).\n --scope \u003ctype\u003e system | code | service | cross-cutting.\n --directives Expand directive metadata per playbook.\n --phase \u003cname\u003e Emit only one phase (legacy compat).\n\nexceptd run [playbook] Phases 4-7. Auto-detects cwd context when\n no playbook positional.\n --evidence \u003cfile|-\u003e Submission JSON (flat or nested shape).\n --evidence-dir \u003cdir\u003e Per-playbook submission files (cron-friendly).\n --scope \u003ctype\u003e | --all Multi-playbook run.\n --vex \u003cfile\u003e CycloneDX / OpenVEX filter (drop not_affected).\n --format \u003cfmt\u003e ... csaf-2.0 | sarif | openvex | markdown | summary.\n Repeatable. CSAF is primary; extras go to\n close.evidence_package.bundles_by_format.\n --diff-from-latest Drift vs prior attestation for same playbook.\n --ci Exit-code gate (use `exceptd ci` instead).\n --operator \u003cname\u003e Bind attestation to identity.\n --ack Explicit jurisdiction-obligation consent.\n --session-id \u003cid\u003e Reuse session id (collision refused).\n --force-overwrite Override session collision refusal.\n --session-key \u003chex\u003e HMAC sign evidence_package (≥ 16 hex chars).\n --attestation-root \u003cpath\u003e Override ~/.exceptd/attestations/ root.\n Alternative: set EXCEPTD_HOME=\u003cdir\u003e\n env var (attestations land in\n $EXCEPTD_HOME/attestations/). Useful for\n multi-tenant shared hosts where each\n operator wants a private attestation\n root, or for CI runners that should\n scope attestations to the job workspace.\n --explain Dry-run: preconditions + artifacts +\n signal keys + submission skeleton.\n --signal-list Lighter than --explain; enumerate signal\n keys only.\n --force-stale Override threat_currency_score \u003c 50 gate.\n --air-gap Honor air_gap_alternative paths.\n\nexceptd ai-run \u003cplaybook\u003e JSONL streaming variant of run. AI emits\n evidence events on stdin; runner streams\n phase events on stdout. One pipe, no\n file handoff. See `exceptd ai-run --help`\n for the full stdin event grammar.\n --no-stream Single-shot mode (emit one combined JSON).\n\n# Stdin event the host emits (one JSON object per line):\n# {\"event\":\"evidence\",\"payload\":{\n# \"precondition_checks\": {...}, // per-precondition boolean assertions\n# \"observations\": {...}, // per-artifact + per-indicator captures\n# \"verdict\": {...} // optional operator-supplied verdict\n# }}\n# observations[\u003ckey\u003e] carries both artifact captures\n# ({ captured: true, value: \"...\" }) AND indicator overrides\n# ({ indicator: \"\u003cid\u003e\", result: \"hit\"|\"miss\" }) — the runner normalises\n# both branches from a single map. The alternative nested shape\n# ({ artifacts, signal_overrides, signals }) is also accepted, but do not\n# mix the two — if `signal_overrides` is present, `observations` and\n# `verdict` are ignored.\n# Phases emitted on stdout (in order): govern → direct → look →\n# await_evidence → detect → analyze → validate → close → done.\n# Errors emit {\"event\":\"error\",\"reason\":\"...\"} and exit non-zero.\n\nexceptd collect \u003cplaybook\u003e Walk cwd + invoke the companion collector\n under lib/collectors/\u003cplaybook\u003e.js. Emits\n a submission JSON ready to pipe into\n `exceptd run \u003cplaybook\u003e --evidence -`.\n 14/24 playbooks have collectors; the rest\n are AI-driven by design (incident /\n governance / pure-analyze — see\n AGENTS.md).\n --cwd \u003cpath\u003e Collect against a different repo / host.\n --pretty Indented JSON.\n --attest-ownership cicd-pipeline-compromise only — opt-in to\n the operator-owns-ci-fleet precondition\n so the runner doesn't halt at preflight.\n\n# Canonical operator flow on a freshly-cloned repo:\nexceptd discover # which playbooks apply here?\nexceptd collect \u003cpb\u003e | exceptd run \u003cpb\u003e --evidence - # full pipe to verdict\nexceptd doctor --collectors # list every collector + which are skipped\n\nexceptd attest \u003csubverb\u003e [\u003csid\u003e] Auditor-facing operations.\n attest list Inventory all sessions across both\n ~/.exceptd and cwd-legacy roots.\n attest show \u003csid\u003e Full (unredacted) attestation.\n attest export \u003csid\u003e Redacted bundle for audit submission.\n Strips raw artifact values; preserves\n evidence_hash + signature + verdict.\n --format csaf wraps in CSAF envelope.\n attest verify \u003csid\u003e Ed25519 .sig sidecar verification.\n attest diff \u003csid\u003e Drift replay (= reattest default).\n --against \u003cother-sid\u003e compares two\n sessions side-by-side with per-artifact\n diff (added / removed / changed).\n --playbook \u003cid\u003e Filter (list / diff).\n --since \u003cISO\u003e Filter list / diff to entries after date.\n\nexceptd discover / doctor / ci See above for doctor and ci.\n\nexceptd doctor One-shot health check.\n --signatures Only Ed25519 skill verification.\n --currency Only skill currency report.\n --cves Only CVE catalog drift check.\n --rfcs Only RFC catalog drift check.\n --ai-config Audit AI-assistant config-file permissions\n across ~/.claude, ~/.cursor, ~/.codeium,\n ~/.aider, ~/.continue. Flags sensitive\n files (settings.json, mcp.json,\n *.mcp_config.json, api_key*, *.token,\n *.credentials) not at mode 0600 on POSIX;\n surfaces an info-level \"manual ACL review\"\n note for each sensitive file on Windows.\n Opt-in; not part of the default doctor\n pass.\n --fix Auto-remediate signing gaps: regenerate\n the local Ed25519 private key when\n keys/public.pem exists but .keys/private.pem\n is absent. No-op when the key is present.\n --registry-check Probe the npm registry for the latest\n published version + days-since-publish.\n Off by default; --air-gap suppresses it.\n --collectors Enumerate the per-playbook collector layer:\n which playbooks ship a collector, which are\n policy-skipped, and which are unwired.\n --shipped-tarball Run the pack + extract + verify round-trip\n against the tarball operators receive, not\n just the source tree.\n --exit-codes Print the canonical exit-code table as\n JSON for CI / scripting consumers.\n\nexceptd ci One-shot CI gate. Exit codes: 0 PASS,\n 1 framework error, 2 detected/escalate\n (or rwep ≥ rwep_threshold.escalate),\n 3 ran-but-no-evidence, 4 blocked\n (ok:false), 5 jurisdiction clock started.\n --all | --scope \u003ctype\u003e Pick playbooks; auto-detect if neither.\n --max-rwep \u003cn\u003e Cap below playbook default.\n --block-on-jurisdiction-clock Fail when notification clock fires.\n --evidence / --evidence-dir Per-playbook submission files.\n\nexceptd ask \"\u003cquestion\u003e\" Plain-English routing to playbook(s).\n Returns ranked playbook IDs based on\n keyword overlap with each playbook's\n domain.name + attack_class + threat_context.\n A question in a domain covered by a skill\n rather than a playbook (email-auth, child\n safety, HIPAA, DLP) surfaces the skill.\n\nexceptd recipes [\u003cid\u003e] List the curated multi-skill workflows;\n `recipes \u003cid\u003e` expands one into its\n ordered skill chain.\n\nexceptd lint \u003cpb\u003e \u003cevidence\u003e Pre-flight check submission shape vs\n playbook (preconditions / artifacts /\n indicators) without executing phases 4-7.\n\nexceptd cve \u003cCVE-ID\u003e Resolve one CVE citation → status\n (published / rejected / disputed /\n fabricated / nonexistent / unknown) plus\n cvss / kev / product. Order: curated\n catalog (offline) → resolved cache\n (7-day TTL, warmed by a prior lookup) →\n one NVD lookup, then cached. Lets a\n fan-out of agents share one answer\n instead of each researching the same id.\n --air-gap | --no-network Offline-only (also EXCEPTD_AIR_GAP=1).\n Returns unknown + a reason when the id\n isn't in catalog/cache.\n --json | --pretty Machine output.\n Exit 2 when the citation won't stand up\n (rejected / fabricated / nonexistent /\n withdrawn).\n\nexceptd rfc \u003cnumber\u003e Resolve an RFC number → title + status\n from the local index (whole current\n series, fully offline).\n --check \"\u003ctitle\u003e\" Report title_match true/false; exit 2 on\n mismatch (e.g. RFC 9404 cited as the\n Sieve spec — it's JMAP Blob Management).\n --air-gap Offline-only. Not-found numbers are\n likely obsoleted/historic or nonexistent;\n with network it disambiguates via the\n datatracker.\n --json | --pretty Machine output.\n\nexceptd refresh Refresh upstream catalogs + indexes.\n Replaces prefetch + refresh + build-indexes.\n --apply Write diffs back + rebuild indexes.\n --from-cache [\u003cdir\u003e] Read from prefetch cache.\n --prefetch Warm the offline cache by fetching every\n upstream artifact now (network required).\n Run on a connected host, then point\n --from-cache at the result on the air-gap.\n --no-network Report-only dry-run: list what would be\n fetched without touching the network.\n --network (v0.11.14) Fetch latest signed catalog\n snapshot from npm tarball, verify against\n local public.pem, swap data/ in place.\n --advisory \u003cCVE-or-GHSA-ID\u003e (v0.12.0) Seed a single catalog entry from\n GitHub Advisory Database. Writes a draft\n flagged _auto_imported. --apply commits it.\n --curate \u003cCVE-ID\u003e (v0.12.0) Emit editorial questions + ranked\n candidates (ATLAS/ATT\u0026CK/CWE/framework) for\n a draft catalog entry.\n --check-advisories Poll 15 primary-source advisory feeds\n (Qualys TRU, Red Hat RHSA, Ubuntu USN,\n ZDI, kernel.org commits, oss-security\n mailing list, JFrog SecOps, CISA current\n advisories, Microsoft Security Blog,\n Sysdig, Trail of Bits, Embrace the Red,\n BleepingComputer, The Hacker News,\n Nightmare-Eclipse GitHub tracker) for\n CVE IDs disclosed at T+0 to T+1 —\n days ahead of NVD enrichment.\n Report-only: emits structured diffs[]\n with {cve_id, sources[], advisory_urls[],\n disclosed_at, title}; does NOT mutate the\n catalog. Route promising IDs through\n `refresh --advisory \u003cCVE-ID\u003e` to enrich.\n --indexes-only Rebuild data/_indexes/*.json only.\n\nSources (default = all): kev | epss | nvd | rfc | pins | ghsa | osv.\nGHSA covers npm, PyPI, Maven, Go, NuGet, etc.; OSV layers Snyk, RustSec,\nMageia, Ubuntu USN, Go Vuln DB, PYSEC, UVI, plus the OSSF Malicious\nPackages dataset (`MAL-*` keys). New IDs land as drafts that the catalog\nvalidator treats as warnings, not errors — editorial review (framework\ngaps, IoCs, ATLAS/ATT\u0026CK refs) is still required.\n\nexceptd watchlist Default mode: aggregate every skill's\n forward_watch entries (upcoming standards,\n RFC publications, new TTPs to monitor) in\n one shot.\n `--by-skill` inverts the grouping.\n --alerts Switch to CVE-catalog pattern alerts.\n Five patterns ship:\n - kernel_lpe_with_poc (high) — kernel\n LPE class with public PoC + blast\n radius \u003e= 25\n - supply_chain_family (high) — MAL-*\n entries or `type: malicious-*`\n - ai_discovered_kev (high) — AI-\n discovered AND CISA KEV-listed\n - active_exploitation_unpatched\n (critical) — confirmed in-the-wild\n + no patch available\n - recent_poc_no_kev_yet (medium) —\n public PoC verified within 14 days,\n not yet KEV-listed\n Sorted critical-severity first, then by\n RWEP descending. JSON or human output.\n --org-scan --org \u003clogin\u003e Probe GitHub Search for repositories\n matching known threat-actor naming\n patterns (\"A Gift From TeamPCP\",\n \"Shai-Hulud\", \"TeamPCP\") scoped to one\n org. Custom patterns via repeatable\n `--pattern \u003cs\u003e`. Set GITHUB_TOKEN for\n private-repo coverage + higher rate\n limit; without it, public-repo search\n only.\n\nexceptd watch Long-running forward-watch daemon. Blocks\n and listens for KEV additions, ATLAS\n updates, CVE drops, and framework\n amendments, with scheduled currency /\n validation checks. Ctrl-C (or SIGTERM /\n SIGHUP / SIGBREAK) to stop. For one-shot\n aggregation, pattern alerts, or org-scan,\n use `exceptd watchlist`.\n\nexceptd skill \u003cname\u003e Show context for one skill.\nexceptd framework-gap \u003cFW\u003e \u003cref\u003e One framework + one CVE/scenario, JSON\n or human. (Operates outside the seven-\n phase contract for ad-hoc gap analysis.)\nexceptd report [executive] Structured posture report. Bare `report`\n emits the full posture; the optional\n `executive` argument emits the\n executive-summary view.\nexceptd path Absolute path to the installed package.\nexceptd version Package version.\nexceptd help This help.\nexceptd \u003cverb\u003e --help Most verbs print per-verb usage with flag\n descriptions.\n```\n\n### Legacy v0.10.x verbs\n\nFive verbs removed in v0.13.0 after deprecation since v0.11.0. Invoking any of these now returns a structured `ok:false` refusal pointing at the replacement; pre-v0.13 scripts must migrate.\n\n| Removed verb | Replacement |\n|---|---|\n| `plan` | `brief --all` |\n| `govern \u003cpb\u003e` | `brief \u003cpb\u003e --phase govern` |\n| `direct \u003cpb\u003e` | `brief \u003cpb\u003e --phase direct` |\n| `look \u003cpb\u003e` | `brief \u003cpb\u003e --phase look` |\n| `ingest` | `run` |\n\nThe remaining v0.10.x verbs are still functional, no banner, no removal scheduled. Two shapes:\n\n**Canonical-equivalent aliases** — same output shape as the canonical verb; safe to use interchangeably:\n\n| Alias | Canonical | Output shape |\n|---|---|---|\n| `verify` | `doctor --signatures` | matches canonical |\n| `validate-cves` | `doctor --cves` | matches canonical |\n| `validate-rfcs` | `doctor --rfcs` | matches canonical |\n| `list-attestations` | `attest list` | matches canonical |\n| `reattest \u003csid\u003e` | `attest diff \u003csid\u003e` | matches canonical |\n| `prefetch` | `refresh --no-network` | matches canonical |\n| `build-indexes` | `refresh --indexes-only` | matches canonical |\n\n**Legacy passthrough verbs** — dispatch to the v0.10.x orchestrator script. The output shape is **NOT** identical to the canonical verb — it's the legacy `{timestamp, host, findings}` envelope. Use the canonical verb when you want the v0.11+ structured envelope contract; the passthrough is kept only for scripts that depend on the legacy output:\n\n| Passthrough | Canonical (different output shape) |\n|---|---|\n| `scan` | `discover --scan-only` |\n| `dispatch` | `discover` |\n| `currency` | `doctor --currency` |\n\n### Result envelope contract\n\nEvery `run` (and every per-playbook result inside a `ci` body) hoists the headline summary fields to the top of the JSON envelope so machine consumers do not have to walk `phases.*` to find them:\n\n| Field | Type | Meaning |\n|---|---|---|\n| `ok` | boolean | `true` on success, `false` on blocked-at-preflight or persistence failure |\n| `playbook_id` | string | Playbook id (present on blocked results too, so a `results[]` iterator can identify the row without joining against `playbooks_run[]` by index) |\n| `directive_id` | string | Directive within the playbook |\n| `session_id` | string | Run id (used by `attest verify \u003csid\u003e` / `attest diff \u003csid\u003e`) |\n| `verdict` | string | One of `detected` / `not_detected` / `inconclusive` / `pending` / `skipped` / `blocked` |\n| `rwep_score` | number \\| null | `phases.analyze.rwep.adjusted`, or `null` on blocked / catalog-baseline-zero runs |\n| `top_finding` | string \\| null | First matched CVE id, or the indicator classification when no CVE correlated |\n| `summary_line` | string | One-line human summary (~240 chars) — `\u003cplaybook\u003e: \u003cverdict\u003e (rwep=\u003cn\u003e, \u003cfinding\u003e, evidence=\u003cstate\u003e)` |\n| `evidence_completeness` | string | One of `complete` / `partial` / `missing` / `unknown` / `not-evaluated` |\n| `indicators_evaluated` | number \\| null | Indicators that produced a verdict |\n| `indicators_known` | number \\| null | Indicators declared by the playbook |\n| `evidence_hash` | string | SHA-256 of the normalized submission |\n| `submission_digest` | string | SHA-256 of the structured envelope |\n| `attestation_path` | string | Absolute path to the persisted attestation JSON (success path only) |\n| `preflight_issues` | array | Preconditions evaluated, with per-precondition `on_fail` + `check` |\n| `precondition_check_source` | object | Per-precondition: `submission` / `runOpts` / `merged` |\n| `phases` | object | Full per-phase outputs — `govern`, `direct`, `look`, `detect`, `analyze`, `validate`, `close` |\n\nOn a blocked result (preflight halt, missing precondition), `ok` is `false` and the envelope additionally carries `blocked_by` / `reason` / `remediation` / `phase: 'preflight'` / `verdict: 'blocked'`. `evidence_completeness` reports `not-evaluated`.\n\n### Default terminal output vs `--json` / `--pretty`\n\nBy default `ci`, `run`, `attest verify`, `attest diff`, and `discover` emit a human-readable digest at the terminal — verdict line, per-playbook table (for `ci`), next-step block keyed on verdict (BLOCKED → `exceptd lint \u003cpb\u003e -`; NO_EVIDENCE → lint + `--evidence-dir`; FAIL → `--format markdown` / `--format csaf-2.0` per detected playbook; CLOCK_STARTED → CSAF advisory), pending jurisdiction obligations grouped by `clock_start_event`, deduped session warnings, framework-gap rollup.\n\nPass `--json` (compact) or `--pretty` (indented) to reach the structured envelope when automating. Setting `EXCEPTD_RAW_JSON=1` in the environment has the same effect.\n\n## Invoking a skill from your AI assistant\n\nOnce your assistant has loaded `AGENTS.md`, type a trigger phrase or skill name:\n\n```\nkernel-lpe-triage\nai-attack-surface\nframework-gap-analysis NIST-800-53-SI-2 CVE-2026-31431\ncompliance-theater\nglobal-grc NIS2\nexploit-scoring CVE-2026-31431\nzeroday-gap-learn CVE-2026-30615\nsecurity-maturity-tiers\npqc-first\n```\n\n## AI assistant configuration\n\nThe canonical agent-agnostic project rules live in `AGENTS.md` — the **only** project-rules file in this repo. The project does not ship per-vendor mirrors; each tool is configured to load `AGENTS.md` directly.\n\n| Assistant | How it picks up the rules |\n|-----------|---------------------------|\n| OpenAI Codex CLI, Sourcegraph amp, Aider, Continue, Cline, Roo Code, Q Developer, and any tool that follows the cross-vendor `AGENTS.md` convention | Auto-loads `AGENTS.md` from the project root. |\n| Cursor | Auto-loads `.cursorrules` (a short stub pointing at `AGENTS.md`). |\n| GitHub Copilot | Auto-loads `.github/copilot-instructions.md` (stub pointing at `AGENTS.md`). |\n| Windsurf | Auto-loads `.windsurfrules` (stub pointing at `AGENTS.md`). |\n| Anthropic Claude Code | Doesn't auto-load `AGENTS.md`. Load it manually with `@AGENTS.md` on the first turn, or add your own per-machine `~/.claude/CLAUDE.md` that references it. The project intentionally does not ship a `CLAUDE.md` mirror. |\n| Google Gemini CLI, JetBrains AI, Replit Agent, anything else | Point the tool at `AGENTS.md` via its config, or load `CONTEXT.md` manually for a shorter orientation. |\n\nIf your tool has a conventional auto-load filename not listed here and you'd like first-class support, open an issue — we'll add a pointer stub.\n\n## Pre-computed indexes\n\n`data/_indexes/` ships 17 derived files so AI consumers can answer cross-reference questions without scanning every skill + catalog. Highlights:\n\n- **`summary-cards.json`** — 100-word abstract per skill; what to load when planning a multi-skill workflow.\n- **`recipes.json`** — 8 curated skill sequences for common use cases (AI red team prep, PCI audit defense, federal IR, DORA TLPT, K-12 EdTech review, ransomware tabletop, new-CVE triage, OSS dep triage).\n- **`chains.json`** — pre-hydrated cross-walks per CVE and per CWE: which skills cite this, which framework gaps it surfaces, which D3FEND countermeasures back it.\n- **`token-budget.json`** — approximate token cost per skill + per section for context budgeting.\n- **`jurisdiction-clocks.json`** — normalized jurisdiction × obligation × hours matrix (breach notification, patch SLA) across 35 jurisdictions.\n- **`did-ladders.json`** — canonical defense-in-depth ladders per attack class (prompt injection, kernel LPE, AI-as-C2, ransomware, supply chain, BOLA, model exfiltration, BEC).\n- **`theater-fingerprints.json`** — structured records for the 7 compliance theater patterns: claim, audit evidence, reality, fast detection test, controls implicated.\n- **`_meta.json`** — sha256 of every source file. The `validate-indexes` predeploy gate fails if any source changed after the last build; `build-indexes --changed` reads this to know what to rebuild.\n\nRegenerate with `exceptd refresh --indexes-only`.\n\n## For skill authors — `agents/`\n\nThe `agents/` directory ships markdown role cards documenting authoring conventions for contributors writing new skills or playbooks. The cards are reference material for humans and AI assistants editing the repo; the CLI runtime does not load them. Operators consuming `@blamejs/exceptd-skills` can ignore the directory.\n\n## Data catalogs\n\nAll skills pull from `data/`. Cross-validated against canonical upstream sources via `exceptd refresh` / `exceptd doctor --cves` / `exceptd doctor --rfcs`.\n\nTo resolve a single citation rather than refresh the whole catalog, `exceptd cve \u003cCVE-ID\u003e` and `exceptd rfc \u003cnumber\u003e` return a status verdict for one id (catalog → resolved cache → one NVD / datatracker lookup, offline-capable). The lookup caches, so a fan-out of agents shares the answer instead of each independently re-researching the same citation.\n\n- `cve-catalog.json` — CVE metadata with RWEP scores, CISA KEV status, PoC availability, live-patch info\n- `atlas-ttps.json` — MITRE ATLAS v5.6.0 TTPs with gap flags and exploitation examples. Each TTP now carries a `cve_refs[]` back-edge — operators reading an ATLAS entry see the catalogued CVEs that cite it without grepping `cve-catalog.json`. The same back-edge is populated on `attack-techniques.json`, and each playbook carries a `_meta.fed_by[]` reverse field naming the upstream playbooks that chain into it.\n- `framework-control-gaps.json` — Per-framework, per-control: what it was designed for vs. what it misses\n- `exploit-availability.json` — PoC locations, weaponization status, AI-assist factor\n- `global-frameworks.json` — All major global compliance frameworks (35 jurisdictions) with control inventories and lag scores\n- `zeroday-lessons.json` — Zero-day → control gap → framework gap → new control requirement mappings\n- `cwe-catalog.json` — CWE entries pinned to CWE v4.20 (Top 25 + AI- / supply-chain-relevant additions)\n- `d3fend-catalog.json` — MITRE D3FEND defensive technique entries pinned to D3FEND v1.3.0\n- `rfc-references.json` — IETF RFC / Internet-Draft references with status, errata, replaces / replaced-by, `last_verified`\n- `dlp-controls.json` — DLP control entries indexed by channel / classifier / surface / enforcement / evidence\n\n---\n\n## Philosophy\n\n**Compliance is not security.** A SOC 2 Type II report confirms that controls existed and operated effectively during the audit period. It says nothing about whether those controls are adequate for current attack patterns. When NIST 800-53 SI-2 says \"apply security patches in a timely manner\" and Copy Fail is a 732-byte deterministic root with a public PoC and no race condition, \"timely\" is the wrong frame entirely.\n\n**Framework lag is measured in months.** MITRE ATLAS v5.6.0 (May 2026) is the most current AI threat framework available. It still lags real exploitation by 3-6 months. NIST AI RMF lags by years. ISO 27001:2022 has no AI-specific controls. These skills explicitly flag every place where framework coverage ends and real attacker capability begins.\n\n**AI changed the exploit development timeline.** Copy Fail was discovered by an AI system in approximately one hour. 41% of 2025 zero-days involved AI-assisted reverse engineering on the attacker side. The time between vulnerability introduction and reliable exploitation is compressing faster than patch management processes can adapt. Risk scoring must reflect this.\n\n**Every org has a compliance theater problem.** The question is not whether paper controls map to audit requirements. The question is whether those controls would actually detect or prevent an attack. These skills answer the second question.\n\n---\n\n## Contributing\n\nSee [CONTRIBUTING.md](CONTRIBUTING.md). Key rules:\n\n- No new CVE reference without a complete `data/cve-catalog.json` entry\n- No new framework gap claim without a `data/framework-control-gaps.json` entry\n- No skill uses CVSS as the sole risk metric\n- Every new zero-day triggers a `data/zeroday-lessons.json` entry\n\n---\n\n## License\n\nApache 2.0. See [LICENSE](LICENSE).\n\nCommunity at [exceptd.com](https://exceptd.com).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fblamejs%2Fexceptd-skills","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fblamejs%2Fexceptd-skills","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fblamejs%2Fexceptd-skills/lists"}