ByamB4

ByamB4 / find-cve-agent

Public

CVE hunting harness for Claude Code - 20 skills, 5-agent team, systematic vulnerability research with false positive elimination

ai-agent bug-bounty claude-code claude-code-plugin cve
17
2
100% credibility
Found Mar 26, 2026 at 17 stars -- GitGems finds repos before they trend. Get early access to the next one.
Sign Up Free
AI Analysis
JavaScript
AI Summary

A plugin for an AI coding assistant that coordinates specialized agents to discover, verify, and responsibly disclose vulnerabilities in open-source software packages.

How It Works

1
🕵️ Discover the Tool

You hear about a free helper that teams up with your AI coding assistant to find security weaknesses in popular software libraries.

2
📥 Set It Up

You grab the tool and run a quick setup in your work folder to get everything ready.

3
🔍 Start Hunting

You ask the AI to check a specific library by giving it a simple hunt command.

4
💡 Spot Issues

The AI scans the code and highlights potential security problems using built-in checklists.

5
🧪 Test and Verify

You work with the AI to build a safe test that proves the issue is real and double-checks it's not a false alarm.

6
📝 Prepare Report

The tool helps you create a clear, professional summary ready for sharing responsibly.

🏆 Make Software Safer

You successfully identify and report a real vulnerability, helping protect users everywhere.

Sign up to see the full architecture

5 more

Sign Up Free

Star Growth

See how this repo grew from 17 to 17 stars Sign Up Free
Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose
AI-Generated Review

What is find-cve-agent?

find-cve-agent is a JavaScript plugin for Claude Code that automates CVE hunting in open source packages from npm, PyPI, and GitHub repos. It deploys a 5-agent team with 20 skills to handle target discovery, code review via Semgrep patterns, PoC building, and rigorous false positive checks before disclosure. Developers get slash commands like /hunt for full pipelines or /recon "csv parsers" to scout vulnerable targets, plus scripts for cve github search against NVD and OSV databases.

Why is it gaining traction?

It stands out by prioritizing quality CVE hunting tips over spray-and-pray scans, with a 6-gate false positive eliminator that encodes real-world rejection patterns from cve hunting medium posts and github cve advisory experiences. The agent-driven workflows make cve hunting made easy for Claude users, chaining recon, exploitation, and reporting without manual glue code. Features like /cross-pollinate for threat hunting similar vulns and PoC skeletons speed up github cve scanner workflows.

Who should use this?

Security researchers auditing JavaScript, Python, or Go packages for command injection, path traversal, or SSRF. Bug bounty hunters targeting under-audited OSS like wordpress cve hunting or npm libs with high downloads. Teams using Claude Code who want structured cve hunting course-style processes instead of ad-hoc github copilot prompts.

Verdict

Worth a spin if you're deep into Claude Code and cve github actions—solid docs and commands make it usable out of the gate despite 17 stars and 1.0% credibility score signaling early maturity. Test on low-stakes targets first; contribute Semgrep rules to boost its edge.

(198 words)

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.