← 返回 Skills 市场
52yuanchangxing

Sbom Explainer

作者 vx:17605205782 · GitHub ↗ · v1.0.0 · MIT-0
darwinlinuxwin32 ✓ 安全检测通过
162
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install sbom-explainer
功能描述
把依赖清单或 SBOM 翻译成非技术可读的风险说明,按影响面排序。;use for sbom, dependencies, risk workflows;do not use for 伪造 CVE 状态, 替代专业漏洞扫描.
安全使用建议
This skill appears to do what it says: produce human-friendly, structured SBOM briefings using only local inputs. Before running: (1) inspect scripts/run.py yourself (it is small and readable) to confirm behavior; (2) only pass intended SBOM files or project directories — do not point the script at system roots or directories containing secrets; (3) run it in an isolated environment (workdir or container) if you are unsure; (4) note the skill is an explanation layer, not a replacement for vulnerability scanning — continue to use dedicated scanners for CVE status and remediation. If you need stronger assurance, verify there are no network calls in the execution environment and run the smoke-test included in tests/smoke-test.md.
功能分析
Type: OpenClaw Skill Name: sbom-explainer Version: 1.0.0 The 'sbom-explainer' skill is a well-structured tool designed to translate Software Bill of Materials (SBOM) data into human-readable risk reports. The core logic in `scripts/run.py` is defensive and analytical, featuring a built-in scanner that identifies (and partially redacts) dangerous patterns like 'curl|bash' or exposed secrets. The skill includes clear safety boundaries in `SKILL.md`, lacks network access or obfuscation, and focuses entirely on local file processing and report generation.
能力评估
Purpose & Capability
Name/description match the included files and script. The bundle contains templates, a spec.json, examples, and a Python script that formats input SBOM/dependency material into the indicated structured brief. Required binary (python3) is appropriate and minimal.
Instruction Scope
SKILL.md confines the skill to explanation/briefing (not scanning or making changes) and instructs using scripts/resources. The run.py implementation performs read-only analysis and templating. However, run.py accepts directories and will recursively read many text file types under whatever path is given, so the agent or user must avoid supplying sensitive system directories as input.
Install Mechanism
No install spec is present (instruction-only skill with a local script). This is low risk: nothing is downloaded or written to system locations by an installer.
Credentials
No environment variables, credentials, or config paths are required. The script performs local file reads only and does not contact external endpoints or require secrets.
Persistence & Privilege
Skill does not request permanent presence (always:false). It does not modify other skills or global agent settings. The script can write an output file if asked, but otherwise operates read-only and supports a dry-run mode.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install sbom-explainer
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /sbom-explainer 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of sbom-explainer. - Translates SBOMs or dependency lists into non-technical, human-readable risk summaries sorted by impact. - Clearly separates suitable and unsuitable use cases, emphasizing boundaries (not for CVE forgery or vulnerability scanning). - Outputs include dependency overview, key risks, affected scope, priorities, mitigation advice, and communication points. - Provides structured drafts for review, listing missing info as confirmation items, and maintains security boundaries—read-only and audit-friendly. - Supports both shell execution (where permitted) and direct text output using provided templates and specs.
元数据
Slug sbom-explainer
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Sbom Explainer 是什么?

把依赖清单或 SBOM 翻译成非技术可读的风险说明,按影响面排序。;use for sbom, dependencies, risk workflows;do not use for 伪造 CVE 状态, 替代专业漏洞扫描. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 162 次。

如何安装 Sbom Explainer?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install sbom-explainer」即可一键安装,无需额外配置。

Sbom Explainer 是免费的吗?

是的,Sbom Explainer 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Sbom Explainer 支持哪些平台?

Sbom Explainer 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(darwin, linux, win32)。

谁开发了 Sbom Explainer?

由 vx:17605205782(@52yuanchangxing)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论