security-cve-allocate

Walk a security team member through allocating a CVE for a `<tracker>` tracking issue. Prints the ASF Vulnogram allocation URL and a CVE-ready title (the issue title stripped of redundant `<vendor>: <product>:` (e.g. `Apache Airflow:`), `[ Security Report ]`, trailing version parens and similar noise), waits for the allocated CVE ID (allocation is PMC-gated — non-PMC triagers relay to a PMC member), and then updates the tracker in place: fills in the *CVE tool link* field, adds the `cve allocated` label, posts a collapsed status-change comment, and runs `generate-cve-json --attach` to embed the paste-ready JSON in the body. Finishes by handing off to the `security-issue-sync` skill to reconcile the rest of the tracker (milestone, assignee, reporter drafts, fix-PR state) now that the CVE landing is complete.

Safety Notice

This listing is imported from SkillsMP metadata and should be treated as untrusted until upstream source review is completed.

Install skill "security-cve-allocate" with this command: npx skills add apache/skillsmp-apache-apache-security-cve-allocate

No markdown body

This source entry does not include full markdown content beyond metadata.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Related Skills

Related by shared tags or category signals.

Coding

pr-management-triage

Sweep open pull requests on the configured `<upstream>` repo (default: read from `<project-config>/project.md → upstream_repo`), classify each one against the project's quality criteria, propose a disposition, and — on the maintainer's confirmation — carry out the action via `gh`. Decides whether each PR should be converted to draft with a quality-issues comment, commented on, closed, rebased, have CI reruns triggered, have a first-time-contributor workflow approved, be pinged to a stale reviewer, or marked `ready for maintainer review`. Does **not** perform code review (no LLM line comments, no approve/request-changes submissions) — that lives in [`pr-management-code-review`](../pr-management-code-review/SKILL.md).

Repository Source, Needs Review

Security

Agent Runtime Security

Complete OpenClaw Agent Security Hardening - Protects against data leaks (storage security) and prompt injection (runtime security). Use for initial setup, s...

Registry Source, Recently Updated

Security

Wallet Safety Checkup

A practical security review skill that checks wallet and backup habits for obvious weak points. Use when the user wants to audit their crypto security setup....

Registry Source, Recently Updated

Security

Security Portfolio Risk

Provides AI-driven portfolio risk analysis for China A-shares with VaR, stress testing, tail risk, factor exposure, and risk attribution for fund managers.

Registry Source, Recently Updated