@blamejs/exceptd-skills 0.16.10 → 0.16.12

package/data/_indexes/currency.json

@@ -6,7 +6,7 @@
     "decay_formula": "100 base; -30/-20/-10/-5 at 180/90/60/30-day thresholds. forward_watch count does NOT affect the score (it's a maintenance signal, not a staleness one). Label thresholds: ≥90 current, ≥70 acceptable, ≥50 stale, <50 critical_stale."
   },
   "summary": {
-    "current": 42,
+    "current": 44,
     "acceptable": 0,
     "stale": 0,
     "critical_stale": 0,
@@ -211,6 +211,15 @@
       "forward_watch_count": 4,
       "action_required": false
     },
+    {
+      "skill": "mail-server-hardening",
+      "last_threat_review": "2026-06-02",
+      "days_since_review": -18,
+      "currency_score": 100,
+      "currency_label": "current",
+      "forward_watch_count": 0,
+      "action_required": false
+    },
     {
       "skill": "mcp-agent-trust",
       "last_threat_review": "2026-05-17",
@@ -373,6 +382,15 @@
       "forward_watch_count": 6,
       "action_required": false
     },
+    {
+      "skill": "vc-wallet-trust",
+      "last_threat_review": "2026-06-02",
+      "days_since_review": -18,
+      "currency_score": 100,
+      "currency_label": "current",
+      "forward_watch_count": 0,
+      "action_required": false
+    },
     {
       "skill": "webapp-security",
       "last_threat_review": "2026-05-11",

package/data/_indexes/frequency.json

@@ -36,9 +36,10 @@
         ]
       },
       "CWE-672": {
-        "count": 1,
+        "count": 2,
         "skills": [
-          "kernel-lpe-triage"
+          "kernel-lpe-triage",
+          "vc-wallet-trust"
         ]
       },
       "CWE-787": {
@@ -77,10 +78,11 @@
         ]
       },
       "CWE-22": {
-        "count": 4,
+        "count": 5,
         "skills": [
           "api-security",
           "attack-surface-pentest",
+          "mail-server-hardening",
           "mcp-agent-trust",
           "webapp-security"
         ]
@@ -118,9 +120,10 @@
         ]
       },
       "CWE-77": {
-        "count": 3,
+        "count": 4,
         "skills": [
           "api-security",
+          "mail-server-hardening",
           "mcp-agent-trust",
           "webapp-security"
         ]
@@ -214,13 +217,14 @@
         ]
       },
       "CWE-200": {
-        "count": 6,
+        "count": 7,
         "skills": [
           "age-gates-child-safety",
           "api-security",
           "cloud-security",
           "dlp-gap-analysis",
           "sector-healthcare",
+          "vc-wallet-trust",
           "webapp-security"
         ]
       },
@@ -300,13 +304,15 @@
         ]
       },
       "CWE-863": {
-        "count": 6,
+        "count": 8,
         "skills": [
           "api-security",
           "cloud-iam-incident",
           "identity-assurance",
           "idp-incident-response",
+          "mail-server-hardening",
           "sector-financial",
+          "vc-wallet-trust",
           "webapp-security"
         ]
       },
@@ -329,6 +335,36 @@
         "skills": [
           "idp-incident-response"
         ]
+      },
+      "CWE-347": {
+        "count": 1,
+        "skills": [
+          "vc-wallet-trust"
+        ]
+      },
+      "CWE-290": {
+        "count": 1,
+        "skills": [
+          "vc-wallet-trust"
+        ]
+      },
+      "CWE-93": {
+        "count": 1,
+        "skills": [
+          "mail-server-hardening"
+        ]
+      },
+      "CWE-611": {
+        "count": 1,
+        "skills": [
+          "mail-server-hardening"
+        ]
+      },
+      "CWE-400": {
+        "count": 1,
+        "skills": [
+          "mail-server-hardening"
+        ]
       }
     },
     "d3fend_refs": {
@@ -514,22 +550,25 @@
     },
     "framework_gaps": {
       "NIST-800-53-SI-2": {
-        "count": 1,
+        "count": 2,
         "skills": [
-          "kernel-lpe-triage"
+          "kernel-lpe-triage",
+          "mail-server-hardening"
         ]
       },
       "ISO-27001-2022-A.8.8": {
-        "count": 2,
+        "count": 3,
         "skills": [
           "coordinated-vuln-disclosure",
-          "kernel-lpe-triage"
+          "kernel-lpe-triage",
+          "mail-server-hardening"
         ]
       },
       "PCI-DSS-4.0-6.3.3": {
-        "count": 1,
+        "count": 2,
         "skills": [
-          "kernel-lpe-triage"
+          "kernel-lpe-triage",
+          "mail-server-hardening"
         ]
       },
       "NIS2-Art21-patch-management": {
@@ -851,9 +890,10 @@
         ]
       },
       "NIST-800-63B-rev4": {
-        "count": 1,
+        "count": 2,
         "skills": [
-          "identity-assurance"
+          "identity-assurance",
+          "vc-wallet-trust"
         ]
       },
       "PSD2-RTS-SCA": {
@@ -1023,15 +1063,17 @@
         ]
       },
       "NIST-800-53-IA-5-Federated": {
-        "count": 1,
+        "count": 2,
         "skills": [
-          "idp-incident-response"
+          "idp-incident-response",
+          "vc-wallet-trust"
         ]
       },
       "ISO-27001-2022-A.5.16-Federated": {
-        "count": 1,
+        "count": 2,
         "skills": [
-          "idp-incident-response"
+          "idp-incident-response",
+          "vc-wallet-trust"
         ]
       },
       "SOC2-CC6-OAuth-Consent": {
@@ -1053,9 +1095,10 @@
         ]
       },
       "NIS2-Art-21-Federated-Identity": {
-        "count": 1,
+        "count": 2,
         "skills": [
-          "idp-incident-response"
+          "idp-incident-response",
+          "vc-wallet-trust"
         ]
       },
       "DORA-Art-19-IdP-4h": {
@@ -1069,6 +1112,18 @@
         "skills": [
           "idp-incident-response"
         ]
+      },
+      "UK-CAF-B2": {
+        "count": 1,
+        "skills": [
+          "vc-wallet-trust"
+        ]
+      },
+      "NIS2-Art21-network-security": {
+        "count": 1,
+        "skills": [
+          "mail-server-hardening"
+        ]
       }
     },
     "atlas_refs": {
@@ -1207,7 +1262,7 @@
         ]
       },
       "T1190": {
-        "count": 13,
+        "count": 14,
         "skills": [
           "ai-attack-surface",
           "api-security",
@@ -1215,6 +1270,7 @@
           "cloud-security",
           "container-runtime-security",
           "fuzz-testing-strategy",
+          "mail-server-hardening",
           "mcp-agent-trust",
           "ot-ics-security",
           "sector-energy",
@@ -1330,10 +1386,11 @@
         ]
       },
       "T1556": {
-        "count": 2,
+        "count": 3,
         "skills": [
           "identity-assurance",
-          "sector-telecom"
+          "sector-telecom",
+          "vc-wallet-trust"
         ]
       },
       "T1110": {
@@ -1462,6 +1519,30 @@
         "skills": [
           "idp-incident-response"
         ]
+      },
+      "T1606": {
+        "count": 1,
+        "skills": [
+          "vc-wallet-trust"
+        ]
+      },
+      "T1550": {
+        "count": 1,
+        "skills": [
+          "vc-wallet-trust"
+        ]
+      },
+      "T1071.003": {
+        "count": 1,
+        "skills": [
+          "mail-server-hardening"
+        ]
+      },
+      "T1557": {
+        "count": 1,
+        "skills": [
+          "mail-server-hardening"
+        ]
       }
     },
     "rfc_refs": {
@@ -1671,6 +1752,33 @@
           "webapp-security"
         ]
       },
+      {
+        "id": "CWE-863",
+        "count": 8,
+        "skills": [
+          "api-security",
+          "cloud-iam-incident",
+          "identity-assurance",
+          "idp-incident-response",
+          "mail-server-hardening",
+          "sector-financial",
+          "vc-wallet-trust",
+          "webapp-security"
+        ]
+      },
+      {
+        "id": "CWE-200",
+        "count": 7,
+        "skills": [
+          "age-gates-child-safety",
+          "api-security",
+          "cloud-security",
+          "dlp-gap-analysis",
+          "sector-healthcare",
+          "vc-wallet-trust",
+          "webapp-security"
+        ]
+      },
       {
         "id": "CWE-798",
         "count": 7,
@@ -1733,18 +1841,6 @@
           "sector-healthcare"
         ]
       },
-      {
-        "id": "CWE-200",
-        "count": 6,
-        "skills": [
-          "age-gates-child-safety",
-          "api-security",
-          "cloud-security",
-          "dlp-gap-analysis",
-          "sector-healthcare",
-          "webapp-security"
-        ]
-      },
       {
         "id": "CWE-269",
         "count": 6,
@@ -1768,18 +1864,6 @@
           "identity-assurance",
           "webapp-security"
         ]
-      },
-      {
-        "id": "CWE-863",
-        "count": 6,
-        "skills": [
-          "api-security",
-          "cloud-iam-incident",
-          "identity-assurance",
-          "idp-incident-response",
-          "sector-financial",
-          "webapp-security"
-        ]
       }
     ],
     "d3fend_refs": [
@@ -2127,41 +2211,42 @@
     ],
     "attack_refs": [
       {
-        "id": "T1078",
-        "count": 13,
+        "id": "T1190",
+        "count": 14,
         "skills": [
-          "age-gates-child-safety",
+          "ai-attack-surface",
           "api-security",
           "attack-surface-pentest",
-          "cloud-iam-incident",
           "cloud-security",
-          "email-security-anti-phishing",
-          "identity-assurance",
-          "incident-response-playbook",
-          "ransomware-response",
+          "container-runtime-security",
+          "fuzz-testing-strategy",
+          "mail-server-hardening",
+          "mcp-agent-trust",
+          "ot-ics-security",
           "sector-energy",
+          "sector-federal-government",
           "sector-financial",
-          "sector-healthcare",
-          "sector-telecom"
+          "sector-telecom",
+          "webapp-security"
         ]
       },
       {
-        "id": "T1190",
+        "id": "T1078",
         "count": 13,
         "skills": [
-          "ai-attack-surface",
+          "age-gates-child-safety",
           "api-security",
           "attack-surface-pentest",
+          "cloud-iam-incident",
           "cloud-security",
-          "container-runtime-security",
-          "fuzz-testing-strategy",
-          "mcp-agent-trust",
-          "ot-ics-security",
+          "email-security-anti-phishing",
+          "identity-assurance",
+          "incident-response-playbook",
+          "ransomware-response",
           "sector-energy",
-          "sector-federal-government",
           "sector-financial",
-          "sector-telecom",
-          "webapp-security"
+          "sector-healthcare",
+          "sector-telecom"
         ]
       },
       {
@@ -2226,15 +2311,16 @@
         ]
       },
       {
-        "id": "T0855",
-        "count": 2,
+        "id": "T1556",
+        "count": 3,
         "skills": [
-          "ot-ics-security",
-          "sector-energy"
+          "identity-assurance",
+          "sector-telecom",
+          "vc-wallet-trust"
         ]
       },
       {
-        "id": "T0883",
+        "id": "T0855",
         "count": 2,
         "skills": [
           "ot-ics-security",
@@ -2364,8 +2450,12 @@
     "cwe_refs": [
       "CWE-20",
       "CWE-284",
+      "CWE-290",
       "CWE-327",
-      "CWE-672"
+      "CWE-347",
+      "CWE-400",
+      "CWE-611",
+      "CWE-93"
     ],
     "d3fend_refs": [
       "D3-CAA",
@@ -2391,29 +2481,25 @@
       "FCC-Cyber-Incident-Notification-2024",
       "FedRAMP-IL5-IAM-Federated",
       "GSMA-NESAS-Deployment",
-      "ISO-27001-2022-A.5.16-Federated",
       "ISO-27017-Cloud-IAM",
       "ITU-T-X.805",
       "Immutable-Backup-Recovery",
       "Insurance-Carrier-24h-Notification",
       "NIS2-Annex-I-Telecom",
-      "NIS2-Art-21-Federated-Identity",
+      "NIS2-Art21-network-security",
       "NIST-800-53-AC-2-Cross-Account",
-      "NIST-800-53-IA-5-Federated",
       "NIST-800-53-SI-12",
-      "NIST-800-53-SI-2",
-      "NIST-800-63B-rev4",
       "OFAC-SDN-Payment-Block",
       "OFAC-Sanctions-Threat-Actor-Negotiation",
       "OWASP-LLM-Top-10-2025-LLM02",
       "OWASP-LLM-Top-10-2025-LLM06",
       "OWASP-Pen-Testing-Guide-v5",
-      "PCI-DSS-4.0-6.3.3",
       "PHI-Exfil-Before-Encrypt-Breach-Class",
       "PTES-Pre-engagement",
       "SOC2-CC6-Access-Key-Leak-Public-Repo",
       "SOC2-CC6-OAuth-Consent",
       "SPDX-v3.0-SBOM",
+      "UK-CAF-B2",
       "UK-CAF-B2-Cloud-IAM",
       "UK-CAF-B2-IdP-Tenant",
       "UK-CAF-B5",
@@ -2423,6 +2509,7 @@
       "AML.T0040"
     ],
     "attack_refs": [
+      "T1071.003",
       "T1098",
       "T1102",
       "T1110",
@@ -2432,14 +2519,17 @@
       "T1505",
       "T1538",
       "T1548.001",
+      "T1550",
       "T1552",
       "T1552.005",
       "T1556.007",
+      "T1557",
       "T1566.001",
       "T1566.002",
       "T1566.003",
       "T1568",
       "T1580",
+      "T1606",
       "T1606.002",
       "T1610",
       "T1611"
@@ -2505,7 +2595,6 @@
       "CWE-282",
       "CWE-285",
       "CWE-288",
-      "CWE-290",
       "CWE-305",
       "CWE-310",
       "CWE-312",
@@ -2520,7 +2609,6 @@
       "CWE-338",
       "CWE-340",
       "CWE-346",
-      "CWE-347",
       "CWE-35",
       "CWE-353",
       "CWE-367",
@@ -2528,7 +2616,6 @@
       "CWE-384",
       "CWE-385",
       "CWE-399",
-      "CWE-400",
       "CWE-420",
       "CWE-426",
       "CWE-427",
@@ -2554,7 +2641,6 @@
       "CWE-566",
       "CWE-59",
       "CWE-601",
-      "CWE-611",
       "CWE-613",
       "CWE-614",
       "CWE-639",
@@ -2595,7 +2681,6 @@
       "CWE-917",
       "CWE-922",
       "CWE-924",
-      "CWE-93",
       "CWE-940",
       "CWE-941",
       "CWE-942",
@@ -3272,7 +3357,6 @@
       "NIS2-Art21-business-continuity",
       "NIS2-Art21-identity-management",
       "NIS2-Art21-incident-handling",
-      "NIS2-Art21-network-security",
       "NIS2-Art21-supply-chain",
       "NIS2-Art21-vulnerability-handling",
       "NIS2-Art21-vulnerability-management",
@@ -3324,7 +3408,6 @@
       "SLSA-3",
       "SLSA-v1.0-Source-L3",
       "UK-CAF-A1",
-      "UK-CAF-B2",
       "UK-CAF-B4",
       "UK-CAF-C1",
       "UK-CAF-D1"

package/data/_indexes/handoff-dag.json

@@ -22,6 +22,7 @@
     "idp-incident-response",
     "incident-response-playbook",
     "kernel-lpe-triage",
+    "mail-server-hardening",
     "mcp-agent-trust",
     "mlops-security",
     "ot-ics-security",
@@ -40,6 +41,7 @@
     "supply-chain-integrity",
     "threat-model-currency",
     "threat-modeling-methodology",
+    "vc-wallet-trust",
     "webapp-security",
     "zeroday-gap-learn"
   ],
@@ -513,7 +515,9 @@
       "sector-federal-government",
       "sector-financial",
       "sector-telecom"
-    ]
+    ],
+    "vc-wallet-trust": [],
+    "mail-server-hardening": []
   },
   "in_degree": {
     "age-gates-child-safety": 1,
@@ -538,6 +542,7 @@
     "idp-incident-response": 2,
     "incident-response-playbook": 18,
     "kernel-lpe-triage": 12,
+    "mail-server-hardening": 0,
     "mcp-agent-trust": 22,
     "mlops-security": 6,
     "ot-ics-security": 4,
@@ -556,6 +561,7 @@
     "supply-chain-integrity": 17,
     "threat-model-currency": 6,
     "threat-modeling-methodology": 4,
+    "vc-wallet-trust": 0,
     "webapp-security": 3,
     "zeroday-gap-learn": 8
   },
@@ -582,6 +588,7 @@
     "idp-incident-response": 12,
     "incident-response-playbook": 20,
     "kernel-lpe-triage": 6,
+    "mail-server-hardening": 0,
     "mcp-agent-trust": 7,
     "mlops-security": 10,
     "ot-ics-security": 14,
@@ -600,6 +607,7 @@
     "supply-chain-integrity": 4,
     "threat-model-currency": 5,
     "threat-modeling-methodology": 9,
+    "vc-wallet-trust": 0,
     "webapp-security": 10,
     "zeroday-gap-learn": 6
   }

package/data/_indexes/jurisdiction-map.json

@@ -23,6 +23,7 @@
       "idp-incident-response",
       "incident-response-playbook",
       "kernel-lpe-triage",
+      "mail-server-hardening",
       "mcp-agent-trust",
       "mlops-security",
       "ot-ics-security",
@@ -41,11 +42,12 @@
       "supply-chain-integrity",
       "threat-model-currency",
       "threat-modeling-methodology",
+      "vc-wallet-trust",
       "webapp-security",
       "zeroday-gap-learn"
     ],
     "example_excerpts": {},
-    "skill_count": 42
+    "skill_count": 44
   },
   "UK": {
     "skills": [
@@ -89,11 +91,12 @@
       "supply-chain-integrity",
       "threat-model-currency",
       "threat-modeling-methodology",
+      "vc-wallet-trust",
       "webapp-security",
       "zeroday-gap-learn"
     ],
     "example_excerpts": {},
-    "skill_count": 42
+    "skill_count": 43
   },
   "AU": {
     "skills": [
@@ -497,11 +500,12 @@
   },
   "NO": {
     "skills": [
+      "mail-server-hardening",
       "sector-energy",
       "skill-update-loop"
     ],
     "example_excerpts": {},
-    "skill_count": 2
+    "skill_count": 3
   },
   "MX": {
     "skills": [