Expanso cve-scan
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
The skill is not clearly malicious, but it can give incomplete CVE-scan results and its MCP mode exposes an unauthenticated network endpoint, so it needs review before use.
Before installing, verify that the pipeline scans all relevant ecosystems and all packages in your SBOM. Avoid relying on MCP mode until it performs a real vulnerability lookup, bind any server to localhost or protect it with authentication, and only use the CLI with SBOMs you are comfortable sending to OSV. Prefer deploying the reviewed local pipeline rather than an unpinned remote URL.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Large SBOMs or non-npm SBOMs may receive incomplete or incorrect results while the output suggests the scan covered all packages.
The CLI pipeline hard-codes the OSV ecosystem to npm and queries only the first 100 packages, but later reports the full SBOM package count as scanned.
"ecosystem": "npm" # Default to npm, could be inferred from purl ... }).slice(0, 100) # OSV limit: 100 packages per batch ... root.scanned_packages = meta("package_count")
Do not rely on the CLI output for complete coverage until the pipeline batches all packages, infers ecosystem from purl/SPDX/CycloneDX data, and reports the actual number queried.
Using MCP mode could falsely report zero vulnerabilities for an SBOM that actually contains vulnerable packages.
The MCP pipeline constructs an empty vulnerability list and reports its length without querying OSV, NVD, or any vulnerability database.
let vulnerabilities = [] ... root.vulnerabilities = $vulnerabilities ... "vulnerabilities_found": $vulnerabilities.length()
Avoid MCP mode for security decisions until it performs a real vulnerability lookup or clearly labels itself as a stub/non-scanning endpoint.
If started on a shared or exposed machine, unintended network clients may be able to interact with the scan endpoint.
The MCP/HTTP server binds to all network interfaces and the artifact does not show authentication, localhost-only binding, or origin restrictions.
http: enabled: true; address: "0.0.0.0:${PORT:-8080}" ... path: /scan ... allowed_verbs: [POST]
Bind the server to 127.0.0.1 by default, add authentication or firewall guidance, and document when it is safe to expose the endpoint.
Your dependency inventory may leave your environment and be shared with OSV, which may be sensitive for private software.
The CLI pipeline sends SBOM-derived package names and versions to the OSV API for vulnerability lookup.
url: "https://api.osv.dev/v1/querybatch"; verb: POST
Use this only with SBOMs you are comfortable sending to OSV, or require an offline/local vulnerability database for sensitive projects.
A user may deploy the live remote pipeline rather than the exact reviewed local artifact.
The cloud deployment example fetches a pipeline from a remote URL without a pinned hash or version in the instruction.
expanso-cli job deploy https://skills.expanso.io/cve-scan/pipeline-cli.yaml
Inspect the remote pipeline before deployment, prefer deploying the reviewed local file, and pin by version or digest where possible.
Supplying an NVD key appears unnecessary for the shown pipelines and could create avoidable credential exposure.
The skill declares an optional credential, but the included pipelines use OSV without an API key and do not show NVD key handling.
credentials:
  - name: NVD_API_KEY
    required: false
    description: NVD API key for higher rate limits
Do not provide the NVD_API_KEY unless a reviewed pipeline version actually uses it and documents how it is protected.
