agent-bom-analyze

Analyze blast radius, attack paths, and threat landscape across your AI infrastructure. Use when: "blast radius", "threat intel", "risk score", "attack path", "lateral movement", "context graph", "who can reach what".

10 stars

Best use case

agent-bom-analyze is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Analyze blast radius, attack paths, and threat landscape across your AI infrastructure. Use when: "blast radius", "threat intel", "risk score", "attack path", "lateral movement", "context graph", "who can reach what".

Teams using agent-bom-analyze should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/analyze/SKILL.md --create-dirs "https://raw.githubusercontent.com/msaad00/agent-bom/main/integrations/openclaw/analyze/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/analyze/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How agent-bom-analyze Compares

Feature / Agentagent-bom-analyzeStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Analyze blast radius, attack paths, and threat landscape across your AI infrastructure. Use when: "blast radius", "threat intel", "risk score", "attack path", "lateral movement", "context graph", "who can reach what".

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# agent-bom-analyze — Blast Radius & Attack Path Analysis

Analyzes blast radius, attack paths, and the threat landscape across your AI
infrastructure. Maps lateral movement risks, identifies high-impact CVEs, and
visualizes agent context graphs.

## Install

```bash
pipx install agent-bom
agent-bom agents --verbose   # blast radius detail for each agent
agent-bom agents -f json -o scan.json
agent-bom graph scan.json    # export graph from a saved JSON report
```

## When to Use

- "blast radius" / "what's the blast radius"
- "threat intel" / "threat intelligence"
- "risk score" / "risk scoring"
- "attack path" / "attack paths"
- "lateral movement"
- "context graph" / "agent graph"
- "who can reach what"

## Commands

```bash
# Blast radius detail (verbose)
agent-bom agents --verbose

# Generate context graph
agent-bom agents -f json -o scan.json
agent-bom graph scan.json
```

## Tools

| Tool | Description |
|------|-------------|
| `blast_radius` | Map CVE impact chain across agents, servers, and credentials |
| `context_graph` | Agent context graph with lateral movement analysis |
| `analytics_query` | Query vulnerability trends, posture history, and risk scores |

## Examples

```
# Map blast radius of a specific CVE
blast_radius(cve_id="CVE-2024-21538")

# Build full context graph
context_graph()

# Query top CVEs by blast radius impact
analytics_query(query="top_blast_radius", days=30)
```

**Example blast radius output:**
```
CVE-2024-21538 — CRITICAL (CVSS 9.8, EPSS 0.94)
Blast Radius: 4 agents affected

  filesystem   [direct]  langchain 0.1.0 → CVE-2024-21538
    └─ github  [indirect] shares filesystem credential scope
    └─ slack   [indirect] accessible via filesystem tool call
  postgres     [direct]  langchain 0.1.0 → CVE-2024-21538

Recommended: Update langchain to ≥ 0.1.17
```

## Guardrails

- Analysis is read-only — no files are modified.
- Only public CVE IDs are sent externally (to EPSS and vulnerability databases).
- No internal config data, credentials, or agent details leave the machine.
- Present blast radius findings clearly and ask the user whether to generate a remediation plan when CRITICAL CVEs are found.

Related Skills

We are still matching the closest adjacent skills for this page. In the meantime, continue through the full directory.