Total downloads: 227
Favorites: 0
Current installs: 1
Versions: 2
Install in OpenClaw
/install open-cve-scanner-repo
Feature description
Open-source vulnerability analysis skill. When the user enters an open-source package name and the version in use, it queries CVE vulnerabilities from three data sources, NVD (NIST), OSV.dev (Google) and GitHub Advisory, and generates a security report together with the latest version information. Markdown, Exce...
Safe-use recommendations
This skill appears to be a legitimate CVE scanner: it contains Python clients for NVD, OSV, and GitHub and instructions to install dependencies and run scans. Things to consider before installing:
- Source provenance: the registry metadata lists no homepage/source; if you don't trust the origin, review the bundled code yourself (requests to external APIs are visible and expected).
- Installation: it instructs pip install -r requirements.txt — run inside a virtualenv or sandbox to avoid affecting your system Python.
- API keys: NVD_API_KEY and GITHUB_TOKEN are optional and only increase rate limits; avoid supplying any unrelated secrets.
- Network behavior: the tool makes outbound requests to NVD, OSV, registry APIs, and GitHub — this is required for functionality. If you must protect sensitive dependency lists, be aware those names/versions are sent to external services.
- License: project uses AGPL-3.0 (per README) which has stronger copyleft obligations; consider legal implications for your use.
If you want higher assurance, review scripts/cve-scanner.py and the cve_sources clients (they are included) or run the tool in an isolated environment before adding it to production workflows.
Functional analysis
Type: OpenClaw Skill
Name: open-cve-scanner-repo
Version: 1.0.1
The bundle is a comprehensive CVE scanner designed to analyze open-source packages and independent software (like Docker or Nginx) for vulnerabilities. It fetches data from legitimate public sources including NVD (NIST), OSV.dev (Google), and GitHub Advisory. The code is well-structured, modular, and lacks any signs of obfuscation, data exfiltration, or malicious intent. While some test scripts (e.g., test_independent_software.sh) contain hardcoded local file paths, these appear to be unintentional development artifacts rather than malicious indicators.
Capability assessment
Purpose & Capability
Name/description (CVE scanner) match the included Python clients, registry lookups, CPE logic, and report generators. The files and tests are appropriate for a vulnerability-scanning tool.
Instruction Scope
SKILL.md instructions focus on scanning packages and dependency files, generating reports, and optionally providing API keys for rate limits. Runtime steps reference only package registries and the three vulnerability data sources (NVD, OSV, GitHub), which matches the stated purpose.
Install Mechanism
There is no platform install spec; the skill is delivered as code and the README/SKILL.md instructs 'pip install -r requirements.txt'. That is expected but means installing Python dependencies happens at runtime — verify requirements.txt before installing and prefer a virtualenv or isolated environment.
Credentials
No required environment variables are declared. NVD/GitHub API keys are optional and justified (rate-limit increases). No unrelated secrets or config paths are requested.
Persistence & Privilege
Skill does not request always:true and has no special persistence. It may update its local package DB (add_package_to_database) which is reasonable for auto-detection caching and limited to its own files.
How to use
- Make sure OpenClaw is installed (local or Docker deployment).
- Enter the install command in the chat box: /install open-cve-scanner-repo
- After installation completes, call the skill by its name directly or trigger it with /open-cve-scanner-repo
- Provide the required inputs according to the skill's parameter description to receive structured output.
Version history
v1.0.1
- Removed the main program file cve-scanner from the repository.
- Updated README.md with usage instructions, options, and example outputs.
v1.0.0
open-cve-scanner-repo 1.0.0
- Initial release: CVE vulnerability analysis and security report generation for open-source packages and dependency files
- Integration with three security data sources: NVD (NIST), OSV.dev (Google), GitHub Advisory
- Multiple output formats: Markdown, Excel/CSV, JSON
- Single-package input and batch analysis via uploaded files such as package.json and requirements.txt
- Key analysis options and API key integration
- Support for multiple languages and ecosystems (npm, PyPI, Maven, Go, etc.)
Frequently asked questions
What is Open Cve Scanner Repo?
Open-source vulnerability analysis skill. When the user enters an open-source package name and the version in use, it queries CVE vulnerabilities from three data sources, NVD (NIST), OSV.dev (Google) and GitHub Advisory, and generates a security report together with the latest version information. Markdown, Exce... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 227 total downloads to date.
How do I install Open Cve Scanner Repo?
Run the command /install open-cve-scanner-repo in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.
Is Open Cve Scanner Repo free?
Yes, Open Cve Scanner Repo is completely free, released under the MIT-0 license, and can be freely downloaded, installed and used.
Which platforms does Open Cve Scanner Repo support?
Open Cve Scanner Repo is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Open Cve Scanner Repo?
Developed and maintained by rebugui (@rebugui); current version v1.0.1.