Skip to content

Add CVE-matching tool on top of RE-MCP endpoint extraction #1

Description

@CSOAI-ORG

Status: 0-to-1 build (audit 2026-06-03).
Repo currently contains only .github, .gitignore, LICENSE, README.md, package.json. No server.py, no Dockerfile, no pyproject, no tests. This is the most-starred of the empty shells (1 ★) — worth filling out first.

Plan

  • Scaffold server.py from meok-compliance-gateway/FLEET_BASE.md
  • Add match_endpoints_to_cves tool: takes endpoint list (from vulnerability-scanner / red-team-ops RE-MCPs), looks up NVD + OSV.dev + GHSA, returns affected CVEs
  • Add severity_routing tool: takes CVE list, returns prioritised remediation list (EPSS + KEV flag)
  • Pin mcp==1.27.2 in requirements.txt to match gateway
  • Dockerfile + smithery.yaml + CI
  • List on Smithery under nicholastempleman namespace

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions