endor-reachability-provenance

Official

Resolve mismatched vuln reachability.

Authorendorlabs
Version1.0.0
Installs0

System Documentation

What problem does it solve?

This Skill helps investigate vulnerability findings when dependency reachability, function reachability, and structured vulnerability metadata do not agree. It is designed to explain why a finding may look reachable at the dependency level while still failing strict vulnerable-function attribution.

Core Features & Use Cases

  • Reachability triage: Compare customer-tenant call graphs with oss vulnerability provenance to determine whether a vulnerable function is actually reachable.
  • Alias and metadata reconciliation: Check CVE and GHSA records for consistent affected package ranges, callpath URIs, and source attribution.
  • Mismatch classification: Distinguish provenance fragmentation, signature normalization issues, true non-reachability, and likely reachability.
  • Use case: Analyze a finding that reports a reachable dependency but an unreachable function and produce a clear verdict with next-step guidance.

Quick Start

Ask the Skill to triage a specific finding UUID and compare its customer graph evidence against oss vulnerability callpath metadata.

Dependency Matrix

Required Modules

None required

Components

references

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: endor-reachability-provenance
Download link: https://github.com/endorlabs/endorlabs-sdk/archive/main.zip#endor-reachability-provenance

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 545,000+ vetted skills library on demand.