π¦ ClawHub
CVE Audit Skill
by @toan203
Security auditing skill for scanning CVE vulnerabilities across npm, Python, Go, and Rust projects using osv-ui. Opens a visual browser dashboard for human r...
TERMINAL
clawhub install osv-uiπ About This Skill
name: osv-ui description: Security auditing skill for scanning CVE vulnerabilities across npm, Python, Go, and Rust projects using osv-ui. Opens a visual browser dashboard for human review, then applies fixes with explicit confirmation. version: 1.0.0 author: toan203 homepage: https://github.com/toan203/osv-ui tags: [security, cve, vulnerability, npm, python, go, rust, audit, dependabot] tools: [bash, computer]
osv-ui β CVE Audit Skill
Use this skill whenever the user asks to:
npm audit, pip-audit, Snyk, or DependabotWhen to activate
Activate when the user mentions any of:
Workflow
1 β Scan
# Single service
npx osv-ui --no-open --json ./osv-report.jsonMultiple services
npx osv-ui ./frontend ./api ./worker --no-open --json ./osv-report.jsonAuto-discover
npx osv-ui --discover --no-open --json ./osv-report.json
2 β Present summary
Parseosv-report.json and show:
π [project]: [N] packages Β· π΄ Critical: N Β· π High: N Β· π‘ Moderate: N Β· π΅ Low: N Β· Risk: N/100
Top CVEs: [list top 5 by severity with fix version]
3 β Always offer the visual dashboard
> "Want to review in a visual dashboard before I apply any fixes?"npx osv-ui [same paths]
Opens http://localhost:2003
4 β Show fix commands, get confirmation
Show what will change. NEVER apply without explicit user "yes".npm install axios@0.30.3 # fixes 4 CVEs
npm install lodash@4.17.23 # fixes 3 CVEs
5 β Apply and verify
# Apply fixes
npm install [package@version]Re-scan to confirm
npx osv-ui --no-open --json ./osv-report-after.json
Notes
--offline if OSV.dev is unreachableQuick reference
npx osv-ui # scan current dir
npx osv-ui ./frontend ./api # multi-service
npx osv-ui --discover # auto-detect
npx osv-ui --json=report.json --no-open # export JSON
npx osv-ui --html=report.html --no-open # export HTML
π Tips & Best Practices
--offline if OSV.dev is unreachable