There are two Workflows in the Vulnerability Toolkit that look very similar:
I noticed that both listen for the Regex !lookup-vuln
Is the AttackKB one replacing the vulnDB one? Should they be combined to look at both DBs? or should the Regex for the AttackKB one be modified to look for something like !lookup-exploit ?
Hey Brandon! You’re spot on, these two workflows share the !lookup-vuln trigger command.
When planning these workflows, we thought it made more sense to “overload” this trigger so both workflows would run if they are both active. One is not meant to be a replacement of the other; rather, they’re meant to be complementary.
A couple of reasons we didn’t combine these into one workflow:
If someone took the time to combine these two workflows into one that performs both the vulnerability and the exploit lookup, and that someone felt inspired enough to contribute it back to us, then we would be more than happy to post it to the extension library and shower that someone with thanks, praise, and forum badges!! 
I’ve been thinking about this and I kind of like the parallel functionality. I have been thinking about expanding this to get the assets that are vulnerable to a CVE or the ability to query an asset and CVE and it will return if it is vulnerable or not. I will share these with the community once I have them.
Just did a PR for “Lookup Vulnerability from Microsoft Teams” with the commit “Consolidated Teams Settings into one step” because I loved how the other workflows used the Type Converter to centralize all the settings needing changed, definitely something I will be doing in all my Workflows and I think should be a standard. The PR is under my GitHub name so I don’t think it will link here.