ByamB4/find-cve-agent

26 stars · Last commit 2026-03-20

CVE hunting harness for Claude Code - 20 skills, 5-agent team, systematic vulnerability research with false positive elimination

README preview

# find-cve-agent

**Open Source CVE Hunting Harness for Claude Code**

A Claude Code plugin that systematically finds real CVEs in open source packages through coordinated multi-agent security research.

---

## What It Is

`find-cve-agent` is a battle-tested harness of 20 skills organized as a 5-agent team. It provides structured workflows for every phase of vulnerability research: target discovery, code review, PoC development, false positive elimination, and responsible disclosure.

Every skill encodes practical knowledge about what gets accepted, what gets rejected, and how to avoid wasting time on false positives.

## Philosophy

- **Quality over quantity.** One confirmed CVE beats ten false positives.
- **False positive elimination is a first-class concern.** Every finding passes a 6-gate verification process before submission.
- **Responsible disclosure only.** 90-day coordinated timeline, no production exploitation, PoCs run locally.
- **Learn from mistakes.** The plugin encodes patterns from past false positives so you don't repeat them.
