218 total downloads · 0 favorites · 1 current install · 1 version
Install in OpenClaw
/install dep-vuln-scanner
Description
Scan project dependencies for known security vulnerabilities using the OSV.dev API. Supports npm (package.json), Python/pip (requirements.txt), and Go (go.mo...
Usage instructions (SKILL.md)
Dependency Vulnerability Scanner
Scan project dependencies against the OSV.dev vulnerability database. Zero config, no API keys.
Quick Start
# Scan current directory (auto-detects project type)
python3 scripts/dep_vuln_scan.py .
# Scan a specific project
python3 scripts/dep_vuln_scan.py /path/to/project
# JSON output for CI/CD
python3 scripts/dep_vuln_scan.py . --json
# Scan only npm dependencies
python3 scripts/dep_vuln_scan.py . --ecosystem npm
Supported Ecosystems
| File | Ecosystem |
|---|---|
| package.json | npm |
| requirements.txt | PyPI |
| go.mod | Go |
Multiple files in the same directory are scanned together.
Output
- Color-coded severity: CRITICAL/HIGH (red), MEDIUM (yellow), LOW (green)
- Includes CVE aliases, vulnerability IDs, and descriptions
- Summary with total count and critical/high breakdown
- Exit code 1 if any vulnerabilities found (useful for CI gates)
Flags
- --json — Machine-readable JSON output
- --ecosystem <name> — Filter by ecosystem (repeatable)
Safe-use recommendations
The skill appears coherent and limited to scanning dependency files and querying OSV.dev. Before installing or running it: (1) review the included script locally (it is small and readable); (2) run it in a sandbox or CI job first if you have concerns about provenance; (3) be aware it needs outbound HTTPS to api.osv.dev and will silently ignore HTTP/network errors (you may want to run with network logging to confirm correct behavior); (4) because the source/packager metadata and homepage are missing, prefer to run the script from a trusted environment or add it to source control after review.
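As an added illustration of the mechanism SKILL.md describes (this is not the skill's own scripts/dep_vuln_scan.py), the following standalone Python parses pinned requirements.txt entries, builds the request body the OSV.dev batch query API expects, maps the reply back to the queried packages, and, unlike the script as reviewed above, raises on network or HTTP errors instead of swallowing them. The endpoint is the public OSV.dev /v1/querybatch API; the sample input and response in the test are constructed.

```python
import json
import re
import urllib.error
import urllib.request

OSV_QUERYBATCH = "https://api.osv.dev/v1/querybatch"  # public OSV.dev batch endpoint


def parse_requirements(text):
    """Return (name, version) pairs for pinned 'name==version' lines.
    Ranges (>=, ~=) and extras are skipped: OSV needs an exact version."""
    deps = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        m = re.match(r"^([A-Za-z0-9][A-Za-z0-9_.\-]*)==([0-9][^\s;,]*)", line)
        if m:
            deps.append((m.group(1), m.group(2)))
    return deps


def build_querybatch(deps, ecosystem):
    """Body for POST /v1/querybatch; ecosystem is 'PyPI', 'npm' or 'Go'."""
    return {"queries": [{"package": {"name": n, "ecosystem": ecosystem}, "version": v}
                        for n, v in deps]}


def query_osv(body, timeout=15):
    """POST the batch and return the parsed JSON. Network, HTTP and decode
    errors are raised so a CI job fails loudly instead of reporting 'clean'."""
    req = urllib.request.Request(OSV_QUERYBATCH, data=json.dumps(body).encode(),
                                 headers={"Content-Type": "application/json"}, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return json.load(resp)
    except (OSError, ValueError) as exc:  # URLError/HTTPError/timeout are OSError subclasses
        raise RuntimeError(f"OSV query failed: {exc}") from exc


def findings_from_response(deps, response):
    """Pair each result with its query (results come back in query order).
    querybatch returns only vuln ids; details require /v1/vulns/{id}."""
    results = response.get("results", [])
    if len(results) != len(deps):
        raise ValueError(f"OSV returned {len(results)} results for {len(deps)} queries")
    out = []
    for (name, version), result in zip(deps, results):
        for vuln in result.get("vulns") or []:
            out.append({"package": name, "version": version, "id": vuln["id"]})
    return out


def exit_code(findings):
    """CI gate, matching the scanner's convention: 1 if anything was found, else 0."""
    return 1 if findings else 0
```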
Functional analysis
Type: OpenClaw Skill
Name: dep-vuln-scanner
Version: 1.0.0
The skill is a legitimate dependency vulnerability scanner that checks project files (package.json, requirements.txt, go.mod) against the public OSV.dev API. The Python script (scripts/dep_vuln_scan.py) uses standard libraries, contains no obfuscation, and only transmits package names and versions to the official API endpoint (api.osv.dev) without any evidence of data exfiltration or malicious execution.
Capability assessment
Purpose & Capability
Name/description match the provided script and SKILL.md. The script only parses package.json, requirements.txt, and go.mod and queries the OSV.dev API — exactly what you'd expect for a dependency vulnerability scanner.
Instruction Scope
SKILL.md instructs running the included Python script against a project directory. The runtime instructions and script only read dependency files in the target directory and make HTTPS calls to api.osv.dev. The script does not attempt to read other system files, environment variables, or exfiltrate data to unexpected endpoints. Note: network failures and HTTP errors are silently swallowed by the script, which may hide connectivity problems.
Install Mechanism
No install spec; this is instruction-only with an included Python script. The script uses only Python stdlib (urllib, json, re, etc.) and does not download or install external binaries or packages.
Credentials
The skill requests no environment variables, credentials, or config paths. Network access to the OSV.dev API is required and is proportionate to the stated purpose.
Persistence & Privilege
always:false and no code that modifies system or other skills' configurations. The skill does not request persistent presence or elevated privileges. Autonomous invocation is allowed by platform default but not a concern here by itself.
How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install dep-vuln-scanner
- Once installed, call the Skill by name directly or trigger it with /dep-vuln-scanner
- Provide the required inputs according to the Skill's parameter description to get structured output
Version history
v1.0.0
Initial release of dep-vuln-scanner.
- Scans npm (package.json), Python/pip (requirements.txt), and Go (go.mod) dependencies for known vulnerabilities via the OSV.dev API.
- Zero configuration required and no API key needed.
- Supports color-coded output by severity and includes CVE information.
- Offers JSON output for CI/CD workflows and ecosystem filtering options.
- Returns non-zero exit code if vulnerabilities are found, aiding automated checks.
FAQ
What is Dep Vuln Scanner?
Scan project dependencies for known security vulnerabilities using the OSV.dev API. Supports npm (package.json), Python/pip (requirements.txt), and Go (go.mo... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 218 downloads to date.
How do I install Dep Vuln Scanner?
Run the command "/install dep-vuln-scanner" in the OpenClaw or Claude Code chat box for one-click installation; no extra configuration is needed.
Is Dep Vuln Scanner free?
Yes, Dep Vuln Scanner is completely free, released under the MIT-0 license, and can be freely downloaded, installed and used.
Which platforms does Dep Vuln Scanner support?
Dep Vuln Scanner is cross-platform and runs in any environment where OpenClaw / Claude Code is deployed.
Who developed Dep Vuln Scanner?
Developed and maintained by John Wang (@johnnywang2001); current version v1.0.0.