← Back to Skills Marketplace
edwinjhlee

x-osv

by Edwin.JH.Lee · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ✓ Security Clean
277
Downloads
1
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install x-osv
Description
CLI for Google OSV database. Query vulnerabilities for packages, scan local projects for vulnerable dependencies. **Dependency**: This is an x-cmd module. In...
Usage Guidance
This skill appears coherent and low-risk: it simply documents an x-cmd wrapper around OSV and relies on the external osv-scanner for project scans. Before using: install x-cmd and osv-scanner from their official sources (brew and the GitHub repo), inspect/verify those tools if you are cautious, and be aware that scanning will read your project's dependency files and produce SARIF/reports (which may contain sensitive information about your codebase). If you need to limit exposure, run scans in an isolated environment or container. If you expect higher-volume querying, consider authenticating with OSV (the doc notes unauthenticated rate limits).
Capability Analysis
Type: OpenClaw Skill Name: x-osv Version: 1.0.1 The skill bundle is a legitimate CLI wrapper for the Google OSV (Open Source Vulnerabilities) database and the osv-scanner tool. The documentation in SKILL.md and metadata in _meta.json are consistent with its stated purpose of querying package vulnerabilities and scanning local projects, with no evidence of malicious intent, data exfiltration, or prompt injection.
Capability Assessment
Purpose & Capability
Name/description describe querying OSV and scanning projects; SKILL.md only asks for x-cmd (runtime) and osv-scanner (scanner) which are exactly what that functionality needs.
Instruction Scope
Runtime instructions are limited to running the x osv commands and invoking osv-scanner on specified paths/lockfiles. The doc does not instruct reading unrelated system files, exfiltrating data, or accessing credentials.
Install Mechanism
This is an instruction-only skill with no install spec or embedded code. It suggests installing x-cmd (brew) and osv-scanner (GitHub) which is a reasonable, low-risk instruction; no downloads or archive extraction are performed by the skill itself.
Credentials
No environment variables, credentials, or config paths are requested. The SKILL.md explicitly states no API key is required for basic usage.
Persistence & Privilege
Skill is not forced-always, does not request persistent privileges, and does not modify other skills or global agent settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install x-osv
  3. After installation, invoke the skill by name or use /x-osv
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
x-osv 1.0.1 - Clarified that osv-scanner must be installed separately for project scanning functionality. - Updated documentation to highlight prerequisites and improve installation instructions. - Streamlined features list and removed references to experimental or unsupported features. - Simplified examples and command descriptions for clarity. - Removed AI search and cloud storage commands from the documentation.
v1.0.0
x-osv 1.0.0 — Initial Release - Provides a CLI to interact with the Google OSV (Open Source Vulnerabilities) database. - Supports querying vulnerabilities for specific packages, project scanning, and vulnerability detail retrieval. - Can generate SARIF-formatted security reports for various ecosystems (npm, pip, Maven, Go, Rust, etc.). - Features AI-powered search and summarization via DuckDuckGo and AI integration. - Requires x-cmd as a dependency. - No API key needed for core features; subject to OSV rate limits.
Metadata
Slug x-osv
Version 1.0.1
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is x-osv?

CLI for Google OSV database. Query vulnerabilities for packages, scan local projects for vulnerable dependencies. **Dependency**: This is an x-cmd module. In... It is an AI Agent Skill for Claude Code / OpenClaw, with 277 downloads so far.

How do I install x-osv?

Run "/install x-osv" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is x-osv free?

Yes, x-osv is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does x-osv support?

x-osv is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created x-osv?

It is built and maintained by Edwin.JH.Lee (@edwinjhlee); the current version is v1.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments