227 downloads · 0 stars · 1 active install · 2 versions
Install in OpenClaw
/install open-cve-scanner-repo
Description
An open-source vulnerability analysis skill. When the user enters an open-source package name and the version in use, it looks up CVE vulnerabilities in three data sources, NVD (NIST), OSV.dev (Google) and GitHub Advisory, and generates a security report together with the latest-version information. Markdown, Exce...
Usage Guidance
This skill appears to be a legitimate CVE scanner: it contains Python clients for NVD, OSV, and GitHub and instructions to install dependencies and run scans. Things to consider before installing:
- Source provenance: the registry metadata lists no homepage or source repository. If you do not trust the origin, review the bundled code yourself; the outbound requests to the vulnerability APIs are visible in the clients and are expected.
- Installation: the README instructs pip install -r requirements.txt. Run it inside a virtualenv or sandbox so the skill's dependencies cannot alter your system Python.
- API keys: NVD_API_KEY and GITHUB_TOKEN are optional and only raise rate limits. Supply a token scoped to that purpose and nothing else; do not hand the skill unrelated secrets.
- Network behavior: the tool makes outbound requests to NVD, OSV, package registry APIs and GitHub, which is required for it to function. If your dependency list is itself sensitive, be aware that the package names and versions you scan are sent to those external services.
- License: the README states AGPL-3.0, which carries strong copyleft obligations, while the registry FAQ on this page lists MIT-0. Check the LICENSE file in the bundle to confirm which terms actually apply before relying on either.
If you want higher assurance, review scripts/cve-scanner.py and the cve_sources clients (they are included) or run the tool in an isolated environment before adding it to production workflows.
Capability Analysis
Type: OpenClaw Skill
Name: open-cve-scanner-repo
Version: 1.0.1
The bundle is a comprehensive CVE scanner designed to analyze open-source packages and standalone software (for example Docker or Nginx) for known vulnerabilities. It fetches data from legitimate public sources: NVD (NIST), OSV.dev (Google) and GitHub Advisory. The code is well-structured and modular and shows no signs of obfuscation, data exfiltration or malicious intent. Some test scripts (e.g. test_independent_software.sh) contain hardcoded local file paths; these appear to be leftover development artifacts rather than malicious indicators.
Capability Assessment
Purpose & Capability
Name/description (CVE scanner) match the included Python clients, registry lookups, CPE logic, and report generators. The files and tests are appropriate for a vulnerability-scanning tool.
Instruction Scope
SKILL.md instructions focus on scanning packages and dependency files, generating reports, and optionally providing API keys for rate limits. Runtime steps reference only package registries and the three vulnerability data sources (NVD, OSV, GitHub), which matches the stated purpose.
Install Mechanism
There is no platform install spec; the skill is delivered as code, and the README/SKILL.md instructs 'pip install -r requirements.txt'. That is expected for a Python tool, but it means dependency installation happens at runtime on your machine. Read requirements.txt before installing (pinned versions, no VCS or URL sources you do not recognise) and prefer a virtualenv or other isolated environment.
Credentials
No required environment variables are declared. NVD/GitHub API keys are optional and justified (rate-limit increases). No unrelated secrets or config paths are requested.
Persistence & Privilege
Skill does not request always:true and has no special persistence. It may update its local package DB (add_package_to_database) which is reasonable for auto-detection caching and limited to its own files.
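The two points above, that the skill scans dependency files against OSV-style advisories and that you should read requirements.txt before installing it, can both be shown with one small Python program. This is an added example, not code from the open-cve-scanner-repo bundle. It parses a requirements file the way a scanner would, separates exact pins from the lines a reviewer should inspect (unpinned ranges, VCS or URL sources, pip options), builds the request body that would go to OSV.dev's /v1/querybatch endpoint so you can see exactly which names and versions leave the network, and evaluates OSV "affected" ranges locally. The requirements text, the example.invalid URL and the advisory record (id SAMPLE-2024-0001) are constructed samples, not real data.

```python
import re
from typing import Dict, List, Optional, Tuple

# name, optional [extras], optional comparison operator, optional version
_REQ_RE = re.compile(
    r"^([A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?\s*(==|>=|<=|~=|!=|>|<)?\s*([A-Za-z0-9.*+!-]*)$"
)


def _normalize(name: str) -> str:
    """PyPI names are case-insensitive and treat '-', '_' and '.' alike."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text: str) -> Tuple[List[Tuple[str, str]], List[str]]:
    """Return (pinned, review): exact '==' pins as (name, version) pairs, plus
    the raw lines that are unpinned, point outside PyPI (URLs, VCS refs, -e)
    or set pip options. The review list is what to read before installing."""
    pinned, review = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        m = _REQ_RE.match(line)
        if m and m.group(3) == "==" and m.group(4):
            pinned.append((_normalize(m.group(1)), m.group(4)))
        else:
            review.append(line)
    return pinned, review


def build_osv_batch_query(pinned: List[Tuple[str, str]]) -> Dict:
    """Body for POST https://api.osv.dev/v1/querybatch. This is the entire
    outbound payload: package name, ecosystem and version, nothing else."""
    return {"queries": [{"package": {"name": n, "ecosystem": "PyPI"}, "version": v}
                        for n, v in pinned]}


def _vkey(version: str) -> Tuple[int, ...]:
    """Numeric comparison key. Pre-release tags are ignored here (production
    code should use packaging.version); OSV uses '0' for 'first release'."""
    return tuple(int(p) for p in re.findall(r"\d+", version))


def is_affected(version: str, advisory: Dict, package: str) -> bool:
    """OSV semantics: affected if version is in some [introduced, fixed),
    in [introduced, last_affected], in an open range with no fix yet, or is
    listed explicitly under 'versions'."""
    v = _vkey(version)
    for aff in advisory.get("affected", []):
        if _normalize(aff["package"]["name"]) != package:
            continue
        if version in aff.get("versions", []):
            return True
        for rng in aff.get("ranges", []):
            if rng.get("type") not in ("ECOSYSTEM", "SEMVER"):
                continue  # GIT ranges need the commit graph; out of scope
            lo: Optional[str] = None
            for ev in rng.get("events", []):
                if "introduced" in ev:
                    lo = ev["introduced"]
                elif "fixed" in ev and lo is not None:
                    if _vkey(lo) <= v < _vkey(ev["fixed"]):
                        return True
                    lo = None
                elif "last_affected" in ev and lo is not None:
                    if _vkey(lo) <= v <= _vkey(ev["last_affected"]):
                        return True
                    lo = None
            if lo is not None and _vkey(lo) <= v:
                return True  # introduced, never fixed
    return False


def scan(requirements_text: str, advisories: List[Dict]) -> List[Tuple[str, str, str]]:
    """Return (package, version, advisory id) for every pinned requirement
    that an advisory marks as affected."""
    pinned, _review = parse_requirements(requirements_text)
    return [(n, v, adv["id"]) for n, v in pinned for adv in advisories
            if is_affected(v, adv, n)]


# Constructed sample input (not the skill's real requirements.txt).
SAMPLE_REQUIREMENTS = """\
requests==2.28.0
PyYAML>=6.0                                    # unpinned: review
git+https://example.invalid/tool.git#egg=tool   # VCS source: review
"""

# Constructed advisory in OSV schema shape; id and range are illustrative only.
SAMPLE_ADVISORIES = [{
    "id": "SAMPLE-2024-0001",
    "affected": [{"package": {"ecosystem": "PyPI", "name": "requests"},
                  "ranges": [{"type": "ECOSYSTEM",
                              "events": [{"introduced": "0"}, {"fixed": "2.31.0"}]}]}],
}]

if __name__ == "__main__":
    pins, review = parse_requirements(SAMPLE_REQUIREMENTS)
    print("review before install:", review)
    print("outbound payload:", build_osv_batch_query(pins))
    print("findings:", scan(SAMPLE_REQUIREMENTS, SAMPLE_ADVISORIES))
```

Running it on the sample lists the two lines a reviewer should look at, shows that only the name, ecosystem and version of the pinned package would be sent to OSV, and reports requests 2.28.0 as affected by the constructed advisory while 2.31.0 would not be.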
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install open-cve-scanner-repo
- After installation, invoke the skill by name or use /open-cve-scanner-repo
- Provide the required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
- Removed the main program file cve-scanner from the repository.
- Updated README.md with usage instructions, options, and example outputs.
v1.0.0
- Initial release: CVE vulnerability analysis and security report generation for open-source packages and dependency files
- Integration with three security data sources: NVD (NIST), OSV.dev (Google) and GitHub Advisory
- Multiple output formats: Markdown, Excel/CSV, JSON
- Single-package input, or batch analysis by uploading a dependency file such as package.json or requirements.txt
- Main analysis options and API key integration
- Support for multiple languages and ecosystems (npm, PyPI, Maven, Go, etc.)
Frequently Asked Questions
What is Open Cve Scanner Repo?
An open-source vulnerability analysis skill. When the user enters an open-source package name and the version in use, it looks up CVE vulnerabilities in three data sources, NVD (NIST), OSV.dev (Google) and GitHub Advisory, and generates a security report together with the latest-version information. Markdown, Exce... It is an AI Agent Skill for Claude Code / OpenClaw, with 227 downloads so far.
How do I install Open Cve Scanner Repo?
Run "/install open-cve-scanner-repo" in the OpenClaw or Claude Code chat to install it. Note that the skill's own README then instructs pip install -r requirements.txt, so its Python dependencies are installed at runtime; do that in a virtualenv or sandbox.
Is Open Cve Scanner Repo free?
Open Cve Scanner Repo costs nothing to download, install and use. The registry lists its license as MIT-0, while the bundled README states AGPL-3.0; check the LICENSE file in the bundle to confirm which terms apply.
Which platforms does Open Cve Scanner Repo support?
Open Cve Scanner Repo is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Open Cve Scanner Repo?
It is built and maintained by rebugui (@rebugui); the current version is v1.0.1.