CVE Fixer
There is a scheduled Ambient job that runs every night to detect CVEs in the repository.
If CVEs are detected then a PR is created and pushed to the repository.
These are the scanned repositories:
- https://github.com/eval-hub/eval-hub /
mainbranch withauto-pushenabled
These are the details of the scheduled job:
| Property | Value |
|---|---|
| Name | CVE fixer (nightly) |
| Workflow | cve-fixer |
| Schedule | 20 2 * * * |
| Inactivity Timeout | 36000 seconds (1 hour) |
| Runner Type | Claude Code |
| Model | Claude Opus 4.6 |
This is the initial prompt for the job:
Use the GitHub credentials that are provided in the integrations section. Find any CVEs in the repository dependencies and create a PR with the proposed fix in the repository by following the instructions in the
CLAUDE.mdin the repository.
github credentials
Section titled “github credentials”The github credentials that are used for this job is a fine-grained personal access token that
has the following characteristics:
Organization: eval-hub
Repositories: all
| Permission | Access |
|---|---|
| Metadata (Required) | Read-only |
| Contents | Read and write |
| Pull requests | Read and write |