agent-bom-vulnerability-intel
Use agent-bom to check package, SBOM, inventory, and agent dependency exposure against OSV, GitHub Security Advisories, NVD, EPSS, and CISA KEV with explicit...
Install via ClawdBot CLI:
clawdbot install msaad00/agent-bom-vulnerability-intel
Grade: Limited, based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Calls external URL not in known-safe list: https://github.com/msaad00/agent-bom
Uses known external API (expected, informational): api.github.com
Audited May 1, 2026 · audit v1.0
Generated May 6, 2026
A security engineer receives alerts about critical CVEs in the project’s Python dependencies. Using agent-bom, they quickly run `check-package` for each affected package (e.g., flask==2.0.0) to fetch advisories from OSV, GHSA, NVD, EPSS, and CISA KEV, assess exploitability and fix versions, and decide on patch priority without leaving the terminal.
An organization receives a CycloneDX SBOM from a third-party vendor. The security team uses agent-bom's `scan-local` mode with the SBOM file to enrich each component with vulnerability intelligence, then filters on CISA KEV membership (confirmed exploitation in the wild) and EPSS score (predicted probability of exploitation) to surface the findings that must be resolved before the vendor integration is approved.
A DevSecOps engineer integrates agent-bom into a CI/CD pipeline to generate a SARIF report for each pull request. The tool checks newly added packages against advisory databases, fails builds for CVEs with known exploits, and provides fix version recommendations, ensuring no vulnerable dependency is merged into production.
An internal tool uses custom-built packages with names that must not be exposed externally. The operator runs agent-bom in `offline-review` mode with a local cache of advisories, so the security team can check for known vulnerabilities without sending any package identifiers to external APIs. The trade-off is freshness: the cache only knows about advisories present at its last sync, so it has to be refreshed on a schedule from a trusted network position.
A DevOps team has a fleet of agents running on different servers. They use agent-bom's `agents` command with an inventory JSON to scan all installed packages across the infrastructure, collecting a unified findings report. This enables centralized vulnerability management and prioritization based on EPSS and KEV status.
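The following is an added example, not agent-bom's own code, tying together the scan-local, offline-review and CI-gate scenarios above: it pulls purls out of a constructed CycloneDX SBOM, matches each pinned version against a local OSV-style advisory cache using OSV's `introduced`/`fixed` event semantics, ranks hits by CISA KEV membership and then EPSS, gates the build on KEV, and writes a SARIF 2.1.0 log for a PR annotation step. The `EXAMPLE-*` advisory IDs, the CVE aliases, EPSS scores, KEV entries, the 0.5 EPSS threshold and all function names are constructed for the illustration; only the OSV query payload shape and the SARIF structure reflect real formats.

```python
"""Offline SBOM triage for the scan-local / offline-review / CI-gate scenarios. Hypothetical example,
not agent-bom's own code: every advisory ID, EPSS score, KEV entry and threshold below is constructed."""
import json, re
from urllib.parse import unquote

SBOM_JSON = json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [  # constructed SBOM
    {"type": "library", "name": "flask", "version": "2.0.0", "purl": "pkg:pypi/flask@2.0.0"},
    {"type": "library", "name": "requests", "version": "2.31.0", "purl": "pkg:pypi/requests@2.31.0"},
    {"type": "library", "name": "lodash", "version": "4.17.20", "purl": "pkg:npm/lodash@4.17.20"}]})

def _osv_record(vid, cve, summary, ecosystem, name, fixed):
    return {"id": vid, "aliases": [cve], "summary": summary,
            "affected": [{"package": {"ecosystem": ecosystem, "name": name},
                          "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": fixed}]}]}]}

ADVISORY_CACHE = [  # constructed OSV-shaped records (subset of fields); IDs are deliberately not real
    _osv_record("EXAMPLE-0001", "CVE-0000-0001", "constructed: session cookie disclosure", "PyPI", "flask", "2.2.5"),
    _osv_record("EXAMPLE-0002", "CVE-0000-0002", "constructed: prototype pollution", "npm", "lodash", "4.17.21"),
    _osv_record("EXAMPLE-0003", "CVE-0000-0003", "constructed: fixed long before 2.31.0", "PyPI", "requests", "2.20.0")]
EPSS = {"CVE-0000-0001": 0.92, "CVE-0000-0002": 0.04, "CVE-0000-0003": 0.01}  # constructed scores
KEV = {"CVE-0000-0002"}                                                        # constructed KEV set
EPSS_GATE = 0.5                                    # hypothetical threshold for the "likely exploited" tier
PURL_TYPE_TO_OSV = {"pypi": "PyPI", "npm": "npm", "golang": "Go", "cargo": "crates.io"}

def parse_purl(purl):
    """(OSV ecosystem, name, version) from a package URL; None when unpinned or the type is unmapped."""
    body = purl[4:].split("#", 1)[0].split("?", 1)[0] if purl.startswith("pkg:") else ""  # no subpath/qualifiers
    ptype, _, rest = body.partition("/")
    name, sep, version = rest.rpartition("@")
    eco = PURL_TYPE_TO_OSV.get(ptype.lower())
    return (eco, unquote(name), unquote(version)) if sep and eco else None

def sbom_components(sbom_json):
    parsed = (parse_purl(c.get("purl", "")) for c in json.loads(sbom_json).get("components", []))
    return [{"ecosystem": e, "name": n, "version": v} for e, n, v in (p for p in parsed if p)]

def osv_query(comp):
    """Body online mode would POST to https://api.osv.dev/v1/query; offline-review never sends it."""
    return {"version": comp["version"], "package": {"name": comp["name"], "ecosystem": comp["ecosystem"]}}

def _vkey(v):
    """Simplified numeric key (2.0 == 2.0.0, "0" = first release); real tools use PEP 440 / semver."""
    parts = [int(re.match(r"\d*", p).group() or 0) for p in v.split(".")]
    while parts and parts[-1] == 0: parts.pop()
    return tuple(parts)

def _range_hit(version, rng):
    """Walk OSV events in ascending order; return (affected, first fixed version above `version`)."""
    if rng.get("type") not in ("ECOSYSTEM", "SEMVER"):      # GIT ranges need commit history; skip
        return False, None
    vk, affected, fix = _vkey(version), False, None
    for ev in rng.get("events", []):
        if "introduced" in ev and vk >= _vkey(ev["introduced"]):
            affected = True
        elif "fixed" in ev and vk >= _vkey(ev["fixed"]):
            affected = False
        elif "fixed" in ev and fix is None:
            fix = ev["fixed"]
        elif "last_affected" in ev and vk > _vkey(ev["last_affected"]):
            affected = False
    return affected, (fix if affected else None)

def find_advisories(comp, cache, epss, kev):
    out = []
    for adv in cache:
        for aff in adv.get("affected", []):
            pkg = aff.get("package", {})
            if (pkg.get("ecosystem"), pkg.get("name", "").lower()) != (comp["ecosystem"], comp["name"].lower()):
                continue
            hits = [h for h in (_range_hit(comp["version"], r) for r in aff.get("ranges", [])) if h[0]]
            if hits:
                cves = [a for a in adv.get("aliases", []) if a.startswith("CVE-")]
                score = max((epss.get(c, 0.0) for c in cves), default=0.0)  # missing EPSS != low risk
                in_kev = any(c in kev for c in cves)
                out.append({"id": adv["id"], "cves": cves, "summary": adv.get("summary", ""),
                            "ecosystem": comp["ecosystem"], "package": comp["name"], "version": comp["version"],
                            "fixed": hits[0][1], "epss": score, "kev": in_kev,
                            "tier": "P1" if in_kev else "P2" if score >= EPSS_GATE else "P3"})
                break                                          # one finding per advisory per component
    return out

def triage(sbom_json, cache=ADVISORY_CACHE, epss=EPSS, kev=KEV):
    """All findings for the SBOM, KEV first, then by EPSS descending."""
    found = [f for c in sbom_components(sbom_json) for f in find_advisories(c, cache, epss, kev)]
    return sorted(found, key=lambda f: (not f["kev"], -f["epss"], f["id"]))

def should_fail_build(findings):
    return any(f["kev"] for f in findings)        # CI gate: block the merge on known exploitation (KEV)

def to_sarif(findings, sbom_uri):
    """Minimal SARIF 2.1.0 log for a code-scanning upload step; P1/P2 surface as errors on the PR."""
    results = [{"ruleId": f["id"], "level": "warning" if f["tier"] == "P3" else "error",
                "message": {"text": f"{f['package']}@{f['version']}: {f['summary']}; fix {f['fixed'] or 'none'}; "
                                    f"EPSS {f['epss']:.2f}; KEV {f['kev']}"},
                "locations": [{"physicalLocation": {"artifactLocation": {"uri": sbom_uri}}}],
                "properties": {"tier": f["tier"], "epss": f["epss"], "kev": f["kev"], "fixed": f["fixed"]}}
               for f in findings]
    return {"version": "2.1.0", "runs": [{"tool": {"driver": {"name": "sbom-triage-example"}}, "results": results}]}
```

Running `triage(SBOM_JSON)` on the constructed data yields two findings, the KEV-listed lodash hit first and the high-EPSS flask hit second; requests is skipped because its pinned version is past the fix. Two caveats the scenarios gloss over: a missing EPSS score is mapped to 0.0 here only so the sort is total, and must not be read as low risk; and the version comparator is a deliberate simplification, so a real implementation should apply PEP 440 for PyPI and semver for npm. The confidentiality benefit of offline review also depends on how the cache is refreshed: a sync job that mirrors the whole advisory feed leaks nothing, whereas one that queries per package would expose the very names the mode is meant to protect.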
The agent-bom skill is offered as a free, open-source CLI tool with unlimited public advisory lookups. Revenue is generated through an enterprise tier that provides persistent caching, private registry support, and dedicated support, charged via subscription.
Offer professional services to help organizations integrate agent-bom into their CI/CD pipelines, configure SBOM scanning, and establish vulnerability triage workflows. Revenue comes from hourly consulting, custom script development, and training workshops.
Build a cloud platform around agent-bom that aggregates findings from multiple agents, provides a dashboard for vulnerability prioritization, and generates compliance reports (e.g., for SOC 2, FedRAMP). Revenue is generated via SaaS subscriptions based on number of agents and scans.
💬 Integration Tip
To integrate agent-bom into a CI/CD pipeline, add a step that runs `agent-bom check` on the packages from your requirements file and emits SARIF; the CI system can then upload that SARIF so findings appear as automated PR comments or annotations.
Scored May 6, 2026
Helps users discover and install agent skills when they ask questions like "how do I do X", "find a skill for X", "is there a skill that can...", or express interest in extending capabilities. This skill should be used when the user is looking for functionality that might exist as an installable skill.
Transform AI agents from task-followers into proactive partners with memory architecture, reverse prompting, and self-healing patterns. Lightweight version f...
Persistent memory for AI agents to store facts, learn from actions, recall information, and track entities across sessions.
Prefer `skillhub` for skill discovery/install/update, then fall back to `clawhub` when it is unavailable or has no match. Use when users ask about skills, plugins, or capabi...
Search and discover OpenClaw skills from various sources. Use when: user wants to find available skills, search for specific functionality, or discover new s...
Orchestrate multi-agent teams with defined roles, task lifecycles, handoff protocols, and review workflows. Use when: (1) Setting up a team of 2+ agents with different specializations, (2) Defining task routing and lifecycle (inbox → spec → build → review → done), (3) Creating handoff protocols between agents, (4) Establishing review and quality gates, (5) Managing async communication and artifact sharing between agents.