krishnakumarmahadevan-cmd

CVE Scanner

Author: ToolWeb · GitHub · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
135 total downloads · 0 favorites · 0 current installs · 1 version
Install in OpenClaw:
/install cve-scanner
Description
Scan and identify Common Vulnerabilities and Exposures (CVEs) in software components and dependencies.
Usage instructions (SKILL.md)

# Overview

The CVE Scanner is a security-focused API that enables developers, security teams, and DevOps professionals to rapidly identify and assess Common Vulnerabilities and Exposures (CVEs) affecting their software supply chain. By submitting package names, versions, or vulnerability identifiers, users receive comprehensive CVE data including severity ratings, affected versions, and remediation guidance.

This tool integrates seamlessly into CI/CD pipelines, vulnerability management workflows, and security audits. It leverages authoritative CVE databases to deliver accurate, up-to-date intelligence on software vulnerabilities, helping organizations prioritize patching efforts and reduce risk exposure.

Ideal users include security engineers, application developers, DevOps teams, and compliance officers who need rapid, reliable CVE lookup capabilities integrated into automated security workflows.

## Usage

### Sample Request

```json
{
  "query": "log4j 2.14.1"
}
```

### Sample Response

```json
{
  "vulnerabilities": [
    {
      "cve_id": "CVE-2021-44228",
      "title": "Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
      "severity": "CRITICAL",
      "cvss_score": 10.0,
      "affected_versions": [
        "2.0-beta9 through 2.15.0"
      ],
      "description": "Apache Log4j2 versions less than 2.16.0 are vulnerable to remote code execution via JNDI injection.",
      "published_date": "2021-12-10",
      "updated_date": "2024-01-15",
      "remediation": "Upgrade to Log4j 2.16.0 or later"
    }
  ],
  "query_timestamp": "2024-01-20T14:32:15Z",
  "total_vulnerabilities_found": 1
}
```

Two fields are worth noting before building on this shape: `affected_versions` is a free-text range string rather than a structured list of versions, so a client that gates on installed versions has to parse it itself, and `cvss_score` does not say which CVSS version it reports.

## Endpoints

### POST /scan-cve

Scan for Common Vulnerabilities and Exposures matching a given query string.

Method: POST
Path: /scan-cve

Request Parameters:

| Name | Type | Required | Description |
|------|------|----------|-------------|
| query | string | Yes | The search query for CVE scanning. Can be a package name, version string, CVE identifier (e.g., "CVE-2021-44228"), or component name. |

Request Body (application/json):

```json
{
  "query": "string"
}
```

Response (200 - Success):

Returns a JSON object containing matched CVE records with vulnerability details, severity information, affected versions, and recommended remediation steps.

Response (422 - Validation Error):

Returns validation error details when the request schema is invalid or required fields are missing. The shape below (a `detail` array of `loc`, `msg`, `type` objects) is the request-validation error format produced by FastAPI/Pydantic, so a client can parse `detail[].loc` and `detail[].msg` directly.

```json
{
  "detail": [
    {
      "loc": ["body", "query"],
      "msg": "field required",
      "type": "value_error.missing"
    }
  ]
}
```
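
As an added worked example (not code from the skill, from ToolWeb, or from this page), here is a Python client for the `POST /scan-cve` endpoint described above, together with a CI gate that fails the build when any returned CVE is HIGH or CRITICAL. It runs offline against the page's own sample response through a fake transport. The base URL, the HTTPS-plus-host-allowlist check before any query is sent, the optional bearer token, and the fail-closed handling of unrecognised severity strings are all assumptions of mine; the page documents none of them.

```python
# Added example, not part of the CVE Scanner skill or ToolWeb's code: a small
# client for POST /scan-cve plus a CI gate on the returned severities.
# Assumptions (not stated on the page): the base URL, that HTTPS and a host
# allowlist are enforced before any query leaves the pipeline, and an optional
# bearer token, since the page documents paid plans but no authentication.
import json
from urllib.error import HTTPError
from urllib.parse import urlparse
from urllib.request import Request, urlopen

SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}
# Assumption: only the host named in the page's References may receive queries.
ALLOWED_HOSTS = {"api.mkkpro.com"}


class ScanError(Exception):
    """Raised for refused endpoints, validation errors and malformed replies."""


def check_endpoint(base_url):
    """Refuse non-TLS or non-allowlisted endpoints before sending any query
    (package names and versions reveal what an organisation runs)."""
    u = urlparse(base_url)
    if u.scheme != "https":
        raise ScanError(f"refusing non-TLS endpoint: {base_url}")
    if u.hostname not in ALLOWED_HOSTS:
        raise ScanError(f"host not allowlisted: {u.hostname}")
    return True


def http_transport(url, body, headers):
    """Real transport: POST JSON, return (status, decoded JSON body)."""
    req = Request(url, data=json.dumps(body).encode(), headers=headers, method="POST")
    try:
        with urlopen(req, timeout=15) as resp:
            return resp.status, json.load(resp)
    except HTTPError as err:
        return err.code, json.loads(err.read() or b"null")


def scan_cve(query, base_url, transport=http_transport, api_key=None):
    """Call /scan-cve and return the parsed 200 payload; raise ScanError otherwise."""
    check_endpoint(base_url)
    headers = {"Content-Type": "application/json", "Accept": "application/json"}
    if api_key:  # assumption: the auth scheme is not documented on the page
        headers["Authorization"] = f"Bearer {api_key}"
    status, payload = transport(base_url.rstrip("/") + "/scan-cve", {"query": query}, headers)
    if status == 422:  # FastAPI-style validation error, as shown on the page
        detail = payload.get("detail", []) if isinstance(payload, dict) else []
        msgs = "; ".join(".".join(map(str, d.get("loc", []))) + ": " + str(d.get("msg"))
                         for d in detail)
        raise ScanError(f"validation error: {msgs}")
    if status != 200:
        raise ScanError(f"unexpected HTTP {status}")
    if not isinstance(payload, dict) or not isinstance(payload.get("vulnerabilities"), list):
        raise ScanError("malformed response: no 'vulnerabilities' list")
    return payload


def gate(payload, min_severity="HIGH"):
    """Return (passed, findings). Fails closed: an unknown severity counts as a hit."""
    threshold = SEVERITY_RANK[min_severity.upper()]
    findings = []
    for v in payload["vulnerabilities"]:
        rank = SEVERITY_RANK.get(str(v.get("severity", "")).upper(), 99)
        if rank >= threshold:
            findings.append((v.get("cve_id"), v.get("severity"), v.get("cvss_score"),
                             v.get("remediation")))
    return not findings, findings


# Constructed offline fixture: the sample response copied from the SKILL.md above.
SAMPLE_RESPONSE = {
    "vulnerabilities": [{
        "cve_id": "CVE-2021-44228", "severity": "CRITICAL", "cvss_score": 10.0,
        "affected_versions": ["2.0-beta9 through 2.15.0"],
        "remediation": "Upgrade to Log4j 2.16.0 or later",
    }],
    "query_timestamp": "2024-01-20T14:32:15Z",
    "total_vulnerabilities_found": 1,
}


def fake_transport(url, body, headers):
    """Offline stand-in for http_transport: 422 on an empty query, else the sample."""
    if not body.get("query"):
        return 422, {"detail": [{"loc": ["body", "query"], "msg": "field required",
                                 "type": "value_error.missing"}]}
    return 200, SAMPLE_RESPONSE


if __name__ == "__main__":
    # Usage: swap fake_transport for http_transport to hit the real service.
    result = scan_cve("log4j 2.14.1", "https://api.mkkpro.com/security/cve-scanner",
                      transport=fake_transport)
    passed, hits = gate(result, "HIGH")
    for cve_id, sev, score, fix in hits:
        print(f"{cve_id} {sev} ({score}): {fix}")
    raise SystemExit(0 if passed else 1)  # a non-zero exit fails the CI job
```

Swap `fake_transport` for `http_transport` to call the real service, but confirm the host and port first: the page lists both the Kong route on api.mkkpro.com and a docs endpoint on port 8010, and no authentication scheme, so the allowlist and the bearer header above are placeholders until the publisher confirms them. The gate treats an unrecognised severity string as a failure so that a change in the service's output format cannot silently pass a build.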

## Pricing

| Plan | Calls/Day | Calls/Month | Price |
|------|-----------|-------------|-------|
| Free | 5 | 50 | Free |
| Developer | 20 | 500 | $39/mo |
| Professional | 200 | 5,000 | $99/mo |
| Enterprise | 100,000 | 1,000,000 | $299/mo |

## About

ToolWeb.in — 200+ security APIs, CISSP & CISM, platforms: Pay-per-run, API Gateway, MCP Server, OpenClaw, RapidAPI, YouTube.

## References

- Kong Route: https://api.mkkpro.com/security/cve-scanner
- API Docs: https://api.mkkpro.com:8010/docs
Safe usage recommendations
This skill appears to be an instruction-only wrapper for a hosted CVE lookup API (references to api.mkkpro.com and toolweb.in). Before installing or using it:
  1. Confirm the exact endpoint(s) the skill will call (base URL, TLS), and whether it requires an API key or account.
  2. Do not send sensitive or proprietary package/component identifiers until you confirm the vendor's privacy policy and data retention.
  3. Verify costs and rate limits (the SKILL.md lists paid plans but gives no auth details).
  4. If you need on-premise or offline scanning for sensitive code, prefer a tool that runs locally rather than sending queries to an unknown third party.
  5. Ask the publisher for provenance (who operates api.mkkpro.com / toolweb.in) and a security/privacy statement.
These clarifications would raise confidence; absence of them is why I mark the skill as suspicious.
Function analysis
Type: OpenClaw Skill
Name: cve-scanner
Version: 1.0.0
The CVE Scanner skill is a legitimate API wrapper designed to query vulnerability data from an external service (api.mkkpro.com). The SKILL.md and openapi.json files describe a standard request-call pattern for looking up CVEs based on package names or identifiers, with no evidence of malicious intent, data exfiltration, or prompt injection.
Capability assessment
Purpose & Capability
Name and description (CVE lookup) match the included OpenAPI manifest and SKILL.md. Requiring no local tools, files, or credentials is plausible for a simple remote CVE lookup service.
Instruction Scope
SKILL.md describes POST /scan-cve and gives request/response examples and usage guidance; it does not instruct the agent to read local files or environment variables. However, the document references external hosts (api.mkkpro.com, toolweb.in) and an API gateway — the instructions are ambiguous about which host/URL the agent should call and whether queries (which may contain sensitive package or repo identifiers) will be transmitted to that external service.
Install Mechanism
No install spec and no code files — this is instruction-only, so nothing is written to disk and no packages are pulled during install.
Credentials
The skill declares no required credentials or env vars, yet SKILL.md advertises a hosted API with paid plans and endpoint URLs. There is an inconsistency: a hosted/paid API typically requires API keys or authentication, but none are declared. Also, queries (package names, versions, possibly proprietary component identifiers) will be sent to an external service — this is expected for such a tool but is a privacy/telemetry risk that is not documented here.
Persistence & Privilege
The always flag is false and the skill is user-invocable. There is no indication that the skill requests persistent system presence or modifies other skills or configuration.
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment).
  2. Enter the install command in the chat box: /install cve-scanner
  3. After installation, call the skill by name directly or trigger it with /cve-scanner.
  4. Provide the required input according to the skill's parameter description to receive structured output.
Version history
v1.0.0
Initial release of CVE Scanner.
  - Scan and identify Common Vulnerabilities and Exposures (CVEs) in software components and dependencies.
  - Accepts package names, versions, or CVE identifiers as query input.
  - Returns comprehensive CVE data including severity, affected versions, and remediation steps.
  - Designed for integration into CI/CD pipelines and security workflows.
  - Provides tiered pricing plans including a free option.
Metadata
Slug: cve-scanner
Version: 1.0.0
License: MIT-0
Cumulative installs: 0
Current installs: 0
Historical versions: 1
FAQ

What is CVE Scanner?

Scan and identify Common Vulnerabilities and Exposures (CVEs) in software components and dependencies. It is an AI agent skill plugin for Claude Code / OpenClaw, with 135 cumulative downloads so far.

How do I install CVE Scanner?

Run the command "/install cve-scanner" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is CVE Scanner free?

The skill wrapper itself is licensed under MIT-0 and is free to download, install and use. The hosted API it calls is not unlimited, however: the Free plan allows 5 calls per day (50 per month), and higher volumes require one of the paid plans listed under Pricing.

Which platforms does CVE Scanner support?

CVE Scanner is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed CVE Scanner?

Developed and maintained by ToolWeb (@krishnakumarmahadevan-cmd); the current version is v1.0.0.
