Skill details (on-site mirror, no comments)
Author: Expanso @aronchick
License: MIT-0
MIT-0 · Free to use, modify, and redistribute. No attribution required.
Version: v1.0.0
Stats: ⭐ 0 · 707 · 1 current installs · 1 all-time installs
🛡 VirusTotal: benign · OpenClaw: benign
Package: aronchick/expanso-cve-scan
Security scan (ClawHub)
- VirusTotal: benign
- OpenClaw: benign
OpenClaw assessment
The skill's files and runtime instructions are consistent with a simple SBOM CVE scanner that calls the public OSV API; nothing in the package requests unrelated credentials, installs, or system access.
Overall conclusion
This skill appears to be what it claims: a pipeline you run with expanso-edge that posts SBOM content to the public OSV API (api.osv.dev). Before installing/using it, consider:
- Your SBOM contents are sent to a third-party public API (OSV). If your SBOM contains sensitive or internal package names, treat that as potential data exposure and verify acceptability with your org.
- The CLI pipeline defaults the ecosystem to "npm" for every package…
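Installation (copy to 龙虾 AI)
Copy the entire passage below into a 龙虾中文库 conversation, and 龙虾 will complete the installation following SKILL.md.
Please hand this passage to 龙虾中文库 (龙虾 AI) to execute: install the OpenClaw skill "Expanso cve-scan" on this machine. Summary: Scan software bill of materials (SBOM) for known CVE vulnerabilities using Expa….
Please fetch the following address to read SKILL.md and complete the installation as documented: https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/aronchick/expanso-cve-scan/SKILL.md
(Source: yingzhi8.cn skill library)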
SKILL.md
# cve-scan
Scan SBOM for known CVE vulnerabilities
## Requirements
- Expanso Edge installed (`expanso-edge` binary in PATH)
- Install via: `clawhub install expanso-edge`
## Usage
### CLI Pipeline
```bash
# Run standalone
echo '<input>' | expanso-edge run pipeline-cli.yaml
```
### MCP Pipeline
```bash
# Start as MCP server
expanso-edge run pipeline-mcp.yaml
```
### Deploy to Expanso Cloud
```bash
expanso-cli job deploy https://skills.expanso.io/cve-scan/pipeline-cli.yaml
```
## Files
| File | Purpose |
|------|---------|
| `skill.yaml` | Skill metadata (inputs, outputs, credentials) |
| `pipeline-cli.yaml` | Standalone CLI pipeline |
| `pipeline-mcp.yaml` | MCP server pipeline |