π¦ ClawHub
Dep Vuln Scanner
by @johnnywang2001
Scan project dependencies for known security vulnerabilities using the OSV.dev API. Supports npm (package.json), Python/pip (requirements.txt), and Go (go.mo...
TERMINAL
clawhub install dep-vuln-scannerπ About This Skill
name: dep-vuln-scanner description: Scan project dependencies for known security vulnerabilities using the OSV.dev API. Supports npm (package.json), Python/pip (requirements.txt), and Go (go.mod). Use when checking a project for vulnerable packages, auditing dependencies before deployment, or investigating CVEs in third-party libraries. No API key required.
Dependency Vulnerability Scanner
Scan project dependencies against the OSV.dev vulnerability database. Zero config, no API keys.
Quick Start
# Scan current directory (auto-detects project type)
python3 scripts/dep_vuln_scan.py .Scan a specific project
python3 scripts/dep_vuln_scan.py /path/to/projectJSON output for CI/CD
python3 scripts/dep_vuln_scan.py . --jsonScan only npm dependencies
python3 scripts/dep_vuln_scan.py . --ecosystem npm
Supported Ecosystems
| File | Ecosystem |
|------|-----------|
| package.json | npm |
| requirements.txt | PyPI |
| go.mod | Go |
Multiple files in the same directory are scanned together.
Output
Flags
--json β Machine-readable JSON output--ecosystem β Filter by ecosystem (repeatable)π‘ Examples
# Scan current directory (auto-detects project type)
python3 scripts/dep_vuln_scan.py .Scan a specific project
python3 scripts/dep_vuln_scan.py /path/to/projectJSON output for CI/CD
python3 scripts/dep_vuln_scan.py . --jsonScan only npm dependencies
python3 scripts/dep_vuln_scan.py . --ecosystem npm