endor-reachability-provenance
OfficialResolve mismatched vuln reachability.
Authorendorlabs
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill helps investigate vulnerability findings when dependency reachability, function reachability, and structured vulnerability metadata do not agree. It is designed to explain why a finding may look reachable at the dependency level while still failing strict vulnerable-function attribution.
Core Features & Use Cases
- Reachability triage: Compare customer-tenant call graphs with oss vulnerability provenance to determine whether a vulnerable function is actually reachable.
- Alias and metadata reconciliation: Check CVE and GHSA records for consistent affected package ranges, callpath URIs, and source attribution.
- Mismatch classification: Distinguish provenance fragmentation, signature normalization issues, true non-reachability, and likely reachability.
- Use case: Analyze a finding that reports a reachable dependency but an unreachable function and produce a clear verdict with next-step guidance.
Quick Start
Ask the Skill to triage a specific finding UUID and compare its customer graph evidence against oss vulnerability callpath metadata.
Dependency Matrix
Required Modules
None requiredComponents
references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: endor-reachability-provenance Download link: https://github.com/endorlabs/endorlabs-sdk/archive/main.zip#endor-reachability-provenance Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 545,000+ vetted skills library on demand.