Sbom Explainer
by vx:17605205782 · GitHub · v1.0.0 · MIT-0
162 Downloads · 0 Stars · 0 Active Installs · 1 Versions
Install in OpenClaw: /install sbom-explainer
Description
Translates a dependency list or SBOM into a non-technical, readable risk explanation, sorted by impact surface; use for SBOM, dependencies, risk workflows; do not use for forging CVE status or as a substitute for professional vulnerability scanning.
Usage Guidance
This skill appears to do what it says: produce human-friendly, structured SBOM briefings using only local inputs. Before running: (1) inspect scripts/run.py yourself (it is small and readable) to confirm behavior; (2) only pass intended SBOM files or project directories — do not point the script at system roots or directories containing secrets; (3) run it in an isolated environment (workdir or container) if you are unsure; (4) note the skill is an explanation layer, not a replacement for vulnerability scanning — continue to use dedicated scanners for CVE status and remediation. If you need stronger assurance, verify there are no network calls in the execution environment and run the smoke-test included in tests/smoke-test.md.
Capability Analysis
Type: OpenClaw Skill
Name: sbom-explainer
Version: 1.0.0
The 'sbom-explainer' skill is a well-structured tool designed to translate Software Bill of Materials (SBOM) data into human-readable risk reports. The core logic in `scripts/run.py` is defensive and analytical, featuring a built-in scanner that identifies (and partially redacts) dangerous patterns like 'curl|bash' or exposed secrets. The skill includes clear safety boundaries in `SKILL.md`, lacks network access or obfuscation, and focuses entirely on local file processing and report generation.
Capability Assessment
Purpose & Capability
Name/description match the included files and script. The bundle contains templates, a spec.json, examples, and a Python script that formats input SBOM/dependency material into the indicated structured brief. Required binary (python3) is appropriate and minimal.
Instruction Scope
SKILL.md confines the skill to explanation/briefing (not scanning or making changes) and instructs using scripts/resources. The run.py implementation performs read-only analysis and templating. However, run.py accepts directories and will recursively read many text file types under whatever path is given, so the agent or user must avoid supplying sensitive system directories as input.
Install Mechanism
No install spec is present (instruction-only skill with a local script). This is low risk: nothing is downloaded or written to system locations by an installer.
Credentials
No environment variables, credentials, or config paths are required. The script performs local file reads only and does not contact external endpoints or require secrets.
Persistence & Privilege
Skill does not request permanent presence (always:false). It does not modify other skills or global agent settings. The script can write an output file if asked, but otherwise operates read-only and supports a dry-run mode.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install sbom-explainer
- After installation, invoke the skill by name or use /sbom-explainer
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of sbom-explainer.
- Translates SBOMs or dependency lists into non-technical, human-readable risk summaries sorted by impact.
- Clearly separates suitable and unsuitable use cases, emphasizing boundaries (not for CVE forgery or vulnerability scanning).
- Outputs include dependency overview, key risks, affected scope, priorities, mitigation advice, and communication points.
- Provides structured drafts for review, listing missing info as confirmation items, and maintains security boundaries—read-only and audit-friendly.
- Supports both shell execution (where permitted) and direct text output using provided templates and specs.
Frequently Asked Questions
What is Sbom Explainer?
Translates a dependency list or SBOM into a non-technical, readable risk explanation, sorted by impact surface; use for SBOM, dependencies, risk workflows; do not use for forging CVE status or as a substitute for professional vulnerability scanning. It is an AI Agent Skill for Claude Code / OpenClaw, with 162 downloads so far.
How do I install Sbom Explainer?
Run "/install sbom-explainer" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Sbom Explainer free?
Yes, Sbom Explainer is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Sbom Explainer support?
Sbom Explainer is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin, linux, win32).
Who created Sbom Explainer?
It is built and maintained by vx:17605205782 (@52yuanchangxing); the current version is v1.0.0.