🔐 Security & Audit

OSV Scannerv1.0.0

Name: OSV Scanner
Author: moenassi

osv-scanner

Scans Node.js/NPM and Linux packages for known vulnerabilities using the Google OSV API by analyzing dependencies and reporting related CVEs.

latest

Download Package View on ClawHub

Installs (all time)

Installs (current)

Downloads

1.5K

Stars

CreatedFeb 19, 2026

UpdatedMay 17, 2026

Install & Quick Start

Install via ClawdBot CLI:

clawdbot install moenassi/osv-scanner

Skill Package7 files

📋SKILL.mdmarkdown

Failed to load file.

Quality Score

B55/100

Grade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.

Market Validation7/35

· 680 downloads (moderate demand)
· No tracked installs (may still have real users via manual install)

Documentation12/25

· SKILL.md present
· Brief documentation (≥500 chars)
· Detailed summary

Package Completeness11/15

· skillAssets present (6 files)
· Includes README/AGENTS doc

Security Analysis

💙 Low Risk

UNDOCUMENTED_EXTERNALlow

Calls external URL not in known-safe list

https://api.osv.dev/v1/query

Audited Apr 18, 2026 · audit v1.0

💡

Usage Guide

Generated May 11, 2026

Software DevelopersDevOps EngineersSecurity Analystsbeginner

💡 Application Scenarios

Node.js Project Vulnerability ScanningSoftware Development

A development team wants to ensure their Node.js application dependencies are free from known vulnerabilities before deployment. Using the OSV Scanner, they can automatically scan their package.json and receive CVEs related to their dependencies.

Python Project Security AuditSoftware Development

A Python development team needs to audit their project's third-party packages for security issues. They can generate a packages.txt file from pip freeze and use the OSV Scanner to identify any vulnerabilities.

Linux Package Vulnerability ManagementIT & Systems Administration

System administrators managing Linux servers need to check for vulnerabilities in installed packages. The OSV Scanner can parse package lists and report known vulnerabilities, aiding in system hardening.

CI/CD Pipeline Security GateDevOps

Integrating the OSV Scanner into a CI/CD pipeline allows automated security checks on every code commit. If vulnerabilities are found, the build can be failed, ensuring only secure dependencies are deployed.

Open Source License Compliance CheckLegal & Compliance

Organizations using open source packages need to ensure license compliance. While the OSV Scanner focuses on vulnerabilities, it can be part of a broader compliance workflow by triggering alerts on packages with known issues.

💼 Business Models

Subscription-based Security Auditing ServiceMonthly/annual subscription fees

Offer a recurring vulnerability scanning service for development teams. Customers pay a monthly or annual fee to use the OSV Scanner, with additional features like scheduled scans and report generation.

Freemium with Premium ReportsOne-time purchases for premium features or tiered subscriptions

Provide basic vulnerability scanning for free, but charge for detailed reports, historical tracking, and integration support. This attracts a wide user base and converts heavy users to paid plans.

Consulting and Integration ServicesHourly consulting fees or fixed-price projects

Offer professional services to help organizations integrate the OSV Scanner into their existing workflows and CI/CD pipelines. Revenue comes from consulting hours and custom integration projects.

💬 Integration Tip

To integrate into a CI/CD pipeline, add a step that runs the scanner after dependency installation and fails the build if critical vulnerabilities are found.