🧪 Skills

x-osv

CLI for Google OSV database. Query vulnerabilities for packages, scan local projects for vulnerable dependencies. **Dependency**: This is an x-cmd module. In...

v1.0.1
❤️ 1
⬇️ 60
👁 2
Save📁 Collect
Share

Description

name: x-osv description: | CLI for Google OSV database. Query vulnerabilities for packages, scan local projects for vulnerable dependencies.

Dependency: This is an x-cmd module. Install x-cmd first (see x-cmd skill). Required Tool: Install osv-scanner for project scanning (see https://github.com/google/osv-scanner).

license: Apache-2.0 compatibility: POSIX Shell

metadata: author: Li Junhao version: "1.0.1" category: x-cmd-extension tags: [x-cmd, security, vulnerability, osv, scanner]

x osv - Open Source Vulnerabilities

Query Google OSV database for package vulnerabilities and scan local projects.

Quick Start

# Query vulnerability for a package
x osv q -p jq -v 1.7.1

# Scan local project for vulnerabilities (requires osv-scanner)
x osv scanner .

Features

  • Vulnerability Query: Query OSV database for package vulnerabilities
  • Project Scanning: Scan local projects using osv-scanner
  • SARIF Reports: Generate SARIF security reports
  • Multi-ecosystem: Supports npm, pip, Maven, Go, Rust, etc.

Prerequisites

Tool Purpose Install
x-cmd Required module runtime brew install x-cmd
osv-scanner Project scanning https://github.com/google/osv-scanner

Commands

Command Description
x osv q <pkg> Query vulnerabilities for a package
x osv scanner <path> Scan project for vulnerabilities (requires osv-scanner)
x osv vuln <id> Get vulnerability details
x osv sarif Generate SARIF security reports
x osv eco List supported ecosystems

Examples

Query Vulnerabilities

# Query specific package version
x osv q -p jq -v 1.7.1

# Query by commit hash
x osv q -c 6879efc2c1596d11a6a6ad296f80063b558d5e0f

Scan Projects

# Scan current directory (requires osv-scanner installed)
x osv scanner .

# Scan specific lockfile
x osv scanner --lockfile requirements.txt
x osv scanner --lockfile package-lock.json

Generate SARIF Reports

# Scan npm project
x osv sarif npm ./my-project/

# Scan pip project with JSON output
x osv sarif pip ./project/ --json

Supported Ecosystems

View all supported ecosystems:

x osv eco

Includes: npm, PyPI, Maven, Go, Rust, NuGet, Packagist, etc.

API Key

No API key required for basic usage. Rate limits apply for unauthenticated requests.

Related

Reviews (0)

Sign in to write a review.

No reviews yet. Be the first to review!

Comments (0)

Sign in to join the discussion.

No comments yet. Be the first to share your thoughts!

Compatible Platforms

Links

📂 Source Code

Pricing

Free

Related Configs

🧪 Skill

self-improving-agent

Free

Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...

❤️ 2.0k ⬇️ 218k
🧪 Skill

Self Improving Agent

Free

Captures learnings, errors, and corrections to enable continuous improvement. And also 50+ models for image generation, video generation, text-to-speech, spe...

❤️ 2.0k ⬇️ 206k
🧪 Skill

Find Skills

Free

Search, discover, and install skills from the open agent skills ecosystem to extend agent capabilities for specific tasks or domains.

❤️ 814 ⬇️ 199k
🧪 Skill

Summarize

Free

--- name: summarize description: Summarize URLs or files with the summarize CLI (web, PDFs, images, audio, YouTube). homepage: https://summarize.sh metadata: {"clawdbot":{"emoji":"🧾","requires":{"b

❤️ 609 ⬇️ 160k