Total downloads: 138 · Favorites: 0 · Currently installed: 0 · Versions: 1
Install in OpenClaw
/install snyk-vulnerability-scanner
Description
Automates Snyk security vulnerability scanning, GitHub issue reporting, and auto-fix PR creation for repositories. Use when scanning repositories for securit...
Safe-use recommendations
This skill appears to do exactly what it claims: run Snyk scans, create GitHub issues, and open auto-fix PRs. Before using it:
1. Make sure the Snyk CLI and GitHub CLI are installed and authenticated locally (`gh auth login`, `snyk auth`).
2. Run in dry-run mode first and inspect the changes it would make.
3. The scripts clone repositories and push branches, so use the skill only with repositories you trust, and with tokens scoped to the minimum the workflow needs (write access to contents, issues and pull requests on the target repositories only).
4. Review the included scripts for any policy you want to enforce (commit author/email, branch names, labels).
5. If you schedule automated runs, restrict which repository URLs the cron job may use, and monitor the PRs and issues it generates.
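As an added example (not one of the skill's own scripts), the following Python pre-flight check covers points 1 and 5 above for a scheduled run: it reports which required CLIs are missing from PATH and accepts a repository URL only when it is an https://github.com/&lt;owner&gt;/&lt;repo&gt; URL for a pair in an allowlist, rejecting ssh URLs, look-alike hosts and userinfo tricks. The allowlist shape and the helper names are assumptions; the tool list is the set of CLIs the skill's scripts reference. Token scope cannot be verified offline; check it with `gh auth status`, which prints the token's scopes.

```python
"""Pre-flight checks for a scheduled snyk-vulnerability-scanner run.

Added example, not one of the skill's scripts. The required tool list
matches the CLIs the skill's scripts reference; the allowlist shape
(a set of (owner, repo) tuples) and the helper names are assumptions.
"""
import shutil
from urllib.parse import urlparse

# CLIs the skill's scripts call.
REQUIRED_TOOLS = ("git", "snyk", "gh", "jq", "python3")


def missing_tools(tools=REQUIRED_TOOLS):
    """Return the subset of `tools` that cannot be found on PATH."""
    return [tool for tool in tools if shutil.which(tool) is None]


def repo_allowed(url, allowlist):
    """Accept only https://github.com/<owner>/<repo>[.git] where
    (owner, repo) is in `allowlist`.

    Everything else is rejected: ssh URLs (no scheme), look-alike hosts
    such as github.com.evil.example, userinfo tricks such as
    https://github.com@evil.example/..., extra path segments, query
    strings and fragments.
    """
    parts = urlparse(url)
    if parts.scheme != "https" or parts.hostname != "github.com":
        return False
    if parts.username or parts.password or parts.query or parts.fragment:
        return False
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) != 2:
        return False
    owner, repo = segments
    if repo.endswith(".git"):
        repo = repo[:-len(".git")]
    return (owner, repo) in allowlist


def preflight(url, allowlist, tools=REQUIRED_TOOLS):
    """Return a list of problems; an empty list means the run may proceed."""
    problems = [f"missing tool on PATH: {tool}" for tool in missing_tools(tools)]
    if not repo_allowed(url, allowlist):
        problems.append(f"repository URL not in allowlist: {url}")
    return problems


if __name__ == "__main__":
    # Constructed allowlist for demonstration.
    allow = {("example-org", "example-repo")}
    for candidate in (
        "https://github.com/example-org/example-repo.git",
        "git@github.com:example-org/example-repo.git",
        "https://github.com@evil.example/example-org/example-repo",
    ):
        print(candidate, "->", preflight(candidate, allow, tools=()))
```

Wire `preflight` in front of the cron job's call to the skill's scan script and abort on a non-empty result; hostname comparison goes through `urlparse(...).hostname`, which strips userinfo and lowercases, so the host check cannot be bypassed with credentials or case tricks in the URL.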
Functional analysis
Type: OpenClaw Skill
Name: snyk-vulnerability-scanner
Version: 1.0.0
The skill bundle provides a legitimate automation workflow for Snyk security scanning and GitHub issue/PR management. It utilizes the Snyk CLI and GitHub CLI (`gh`) to perform its stated functions, with logic distributed across bash scripts (`snyk-scan.sh`, `snyk-auto-fix.sh`) and a Python script (`create-github-issues.py`). No evidence of data exfiltration, unauthorized access, or malicious intent was found; the code follows standard practices for repository manipulation and reporting.
Capability assessment
Purpose & Capability
Name/description match the included scripts: scanning with Snyk, creating issues via gh, and creating PRs after applying fixes. The files and runtime requirements are proportional and expected for this functionality.
Instruction Scope
SKILL.md and the scripts limit actions to cloning the target repo, running snyk, creating GitHub issues, and creating/pushing a fix branch/PR. The scripts reference only expected CLIs (git, snyk, gh, jq, python3) and temporary paths; they do not read unrelated system files or post data to unknown endpoints.
Install Mechanism
No install spec is provided (instruction-only install), and the code files are standard scripts. Nothing is downloaded from arbitrary URLs or written into unusual system locations.
Credentials
The skill does not declare environment variables but requires local CLI authentication for Snyk and GitHub and expects git credentials / repo write access. This is coherent with the purpose, but users must supply and manage credentials (gh auth, snyk auth, or git remote credentials) outside the skill; ensure those credentials have appropriate scopes.
Persistence & Privilege
The skill does not request `always: true` and does not modify other skills or system-wide agent settings. It will create branches/PRs and push to origin (requires repository write access), which is expected behavior for auto-fix functionality.
How to use
- Make sure OpenClaw is installed (locally or via Docker).
- Type the install command in the chat box: `/install snyk-vulnerability-scanner`
- Once installed, call the skill by name or trigger it with `/snyk-vulnerability-scanner`.
- Provide the inputs listed in the skill's parameter description to get structured output.
Version history
v1.0.0
- Initial release of the Snyk Vulnerability Scanner skill.
- Automates Snyk scanning, GitHub issue creation, and auto-fix pull request generation.
- Supports npm, Python, Gradle, and Maven repositories.
- Main workflow: scan repository → report as GitHub issues → apply fixes and create PRs.
- Configurable severity filters and PR target branch; includes dry-run and granular script options.
- Prevents duplicate issue creation and provides troubleshooting guidance.
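The severity filter, duplicate-issue check and dry-run planning listed above, reconstructed as an added Python example; this is not the skill's own create-github-issues.py. The scan document is constructed with placeholder package names and IDs; its field names follow the `snyk test --json` layout (a top-level `vulnerabilities` array whose entries carry `id`, `title`, `severity`, `packageName`, `version` and `isUpgradable`), which is assumed here, as are the `[snyk] <package>@<version>` title format and the `create` callback that stands in for `gh issue create`.

```python
"""Severity filtering, duplicate-issue suppression and dry-run planning
for Snyk results.

Added example, not the skill's create-github-issues.py. SAMPLE_SCAN is
constructed; its field names follow the `snyk test --json` layout
(assumed), and the "[snyk] <package>@<version>" title format is a choice
made here so that one issue per vulnerable package version can be
recognised on a later run.
"""
import json

SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}

# Constructed scan output with placeholder packages and IDs.
SAMPLE_SCAN = json.dumps({
    "ok": False,
    "packageManager": "npm",
    "vulnerabilities": [
        {"id": "SNYK-EXAMPLE-0001", "title": "Prototype Pollution", "severity": "high",
         "packageName": "pkg-a", "version": "1.0.0", "isUpgradable": True},
        {"id": "SNYK-EXAMPLE-0002", "title": "Command Injection", "severity": "critical",
         "packageName": "pkg-a", "version": "1.0.0", "isUpgradable": True},
        {"id": "SNYK-EXAMPLE-0003", "title": "Path Traversal", "severity": "high",
         "packageName": "pkg-b", "version": "2.0.0", "isUpgradable": False},
        {"id": "SNYK-EXAMPLE-0004", "title": "Regular Expression Denial of Service",
         "severity": "medium", "packageName": "pkg-c", "version": "3.0.0", "isUpgradable": True},
        {"id": "SNYK-EXAMPLE-0005", "title": "Information Exposure", "severity": "low",
         "packageName": "pkg-d", "version": "4.0.0", "isUpgradable": True},
    ],
})

# Constructed titles of issues already open in the target repository.
EXISTING_TITLES = ["[snyk] pkg-b@2.0.0", "Unrelated bug report"]


def issue_title(package, version):
    """Stable title used to recognise an issue on later runs."""
    return f"[snyk] {package}@{version}"


def filter_by_severity(vulns, threshold):
    """Keep findings at or above `threshold`; fail loudly on an unknown
    severity rather than silently dropping it."""
    min_rank = SEVERITY_RANK[threshold]
    kept = []
    for v in vulns:
        if v["severity"] not in SEVERITY_RANK:
            raise ValueError(f"unknown severity {v['severity']!r} on {v['id']}")
        if SEVERITY_RANK[v["severity"]] >= min_rank:
            kept.append(v)
    return kept


def plan_issues(scan_json, existing_titles, threshold="high"):
    """Group findings into one issue per package version and split them
    into those to create and those already reported."""
    scan = json.loads(scan_json)
    groups = {}
    for v in filter_by_severity(scan["vulnerabilities"], threshold):
        groups.setdefault((v["packageName"], v["version"]), []).append(v)
    existing = set(existing_titles)
    plan = {"create": [], "skip": []}
    for (package, version), vulns in sorted(groups.items()):
        entry = {
            "title": issue_title(package, version),
            "ids": sorted(v["id"] for v in vulns),
            "worst": max(vulns, key=lambda v: SEVERITY_RANK[v["severity"]])["severity"],
            "upgradable": all(v["isUpgradable"] for v in vulns),
        }
        bucket = "skip" if entry["title"] in existing else "create"
        plan[bucket].append(entry)
    return plan


def issue_body(entry):
    """Render the issue body for one planned entry."""
    lines = [f"Highest severity: {entry['worst']}",
             f"Fix available via upgrade: {'yes' if entry['upgradable'] else 'no'}",
             "Snyk IDs:"] + [f"- {i}" for i in entry["ids"]]
    return "\n".join(lines)


def apply_plan(plan, create):
    """Create each planned issue via `create(title, body)`; in the real
    workflow that callback would wrap `gh issue create`. Returns the count."""
    for entry in plan["create"]:
        create(entry["title"], issue_body(entry))
    return len(plan["create"])


if __name__ == "__main__":
    # Dry run: print the plan instead of calling gh.
    print(json.dumps(plan_issues(SAMPLE_SCAN, EXISTING_TITLES, threshold="high"), indent=2))
```

The existing-titles list would come from `gh issue list` on the target repository; matching on the stable title is what prevents a second run from filing the same package version twice, and grouping by package version keeps one issue per upgrade rather than one per Snyk ID.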
FAQ
What is Snyk Vulnerability Scanner?
Automates Snyk security vulnerability scanning, GitHub issue reporting, and auto-fix PR creation for repositories. Use when scanning repositories for securit... It is an AI agent skill plugin for Claude Code / OpenClaw, with 138 downloads to date.
How do I install Snyk Vulnerability Scanner?
Run `/install snyk-vulnerability-scanner` in the OpenClaw or Claude Code chat box. The skill itself needs no extra configuration, but the Snyk CLI and GitHub CLI it drives must be installed and authenticated separately (see the safe-use recommendations above).
Is Snyk Vulnerability Scanner free?
Yes. The skill is released under the MIT-0 license and can be downloaded, installed and used freely; the Snyk and GitHub accounts behind the CLIs it calls are separate from the skill.
Which platforms does Snyk Vulnerability Scanner support?
Snyk Vulnerability Scanner is cross-platform and runs in any environment where OpenClaw / Claude Code is deployed.
Who developed Snyk Vulnerability Scanner?
Developed and maintained by Cr0m3 (@cr0m3); current version v1.0.0.