The CVD Portal provides a dedicated AI Agent Skill to help autonomous agents interact with the platform programmatically. This allows AI assistants to automatically report vulnerabilities, verify compliance, and export advisories on your behalf.
Installing the Skill
If you are using an AI agent that supports the open agent skills ecosystem (like Gemini CLI or Claude), you can install the CVD Portal skill directly via the Skills CLI:
npx skills add cvdportal
How It Works
The skill teaches your AI agent the core concepts of the Cyber Resilience Act (CRA) and provides clear, structured workflows for interacting with the CVD Portal API.
Once activated, your AI agent can understand commands like:
- "Report a cross-site scripting vulnerability to Acme Corp via their CVD Portal."
- "Check my organization's current CRA compliance status on the CVD Portal."
- "Generate a CSAF 2.0 advisory for submission ID CVD-2026-005."
Authentication
To allow your AI agent to interact with your specific workspace, you must provide it with an API Key.
- Generate a new API key from your Workspace Settings -> Developer.
- Provide the key to your agent (usually by exporting an environment variable in the terminal where the agent is running).
- The skill instructs the agent to automatically attach this key as a Bearer Token when making requests to the
https://cvdportal.com/api/v1/...endpoints.
Security & Privacy
The CVD Portal Agent Skill is designed with security in mind:
- No Hardcoded Credentials: The skill explicitly instructs agents never to hardcode or log raw API keys.
- PII Protection: Agents are directed to mask or omit personally identifiable information (PII), such as researcher emails or IP addresses, when summarizing audit logs or vulnerability lists in plaintext chat interfaces.
- Scope Restriction: The skill only grants the agent knowledge of how to use the specific API endpoints required for vulnerability disclosure and compliance auditing.