Install
openclaw skills install @kingaiwork/dependency-vulnerability-scannerScan package.json, requirements.txt, pom.xml and generate actionable fix commands for known CVEs. / 扫描常见依赖文件,针对已知CVE生成可执行的修复命令。
openclaw skills install @kingaiwork/dependency-vulnerability-scannerScan package.json, requirements.txt, pom.xml and generate actionable fix commands for known CVEs. / 扫描常见依赖文件,针对已知CVE生成可执行的修复命令。
🦁 由 KingAI.Work 出品 — 智能进化|vip@kingai.work
• Scan multiple project types in one pass: package.json, requirements.txt, pom.xml / 一次扫描支持多种项目:前端、后端、Java全家桶,自动识别依赖格式 • Cross-reference CVEs accurately using real-time CVE feeds / 实时调用权威CVE数据库,精准匹配已知漏洞,避免误报 • Generate actionable fix commands, not just reports / 直接输出可执行的修复命令,开发者可直接复制粘贴运行 • Highlight severity level (Critical/High/Medium/Low) per dependency / 按严重度排序展示漏洞,优先处理高危依赖,提升修复效率 • Auto-detect transitive dependencies and suggest safe upgrade paths (Pro) / 自动识别传递依赖中的隐藏漏洞,提供安全升级路径(Pro) • Generate CHANGELOG-safe upgrade plan that avoids breaking changes (Pro) / 生成不破坏现有功能的升级方案,减少回归测试成本(Pro)
# Step 1 — check environment
which bash curl && echo "Ready"
# Step 2 — run the tool
dvs scan ./my-project && dvs fix --auto Automatically scan and fix all vulnerable dependencies in one command. / 一键扫描并自动修复项目中的所有依赖漏洞,省去人工排查时间。
# Step 3 — review output
echo "Done — check the generated output"
• You inherit a legacy project with outdated deps. Run a single scan and get all fix commands. / 接手一个老项目,依赖版本混乱,不知从何下手。扫描一次,所有修复指令立等可取。 • Before a release sprint, ensure no critical CVE remains in your build. / 上线前安全检查:扫描所有模块,确保没有高危漏洞被遗漏,发布更安心。 • Your CI pipeline fails due to a newly disclosed CVE. Quickly identify and patch it. / CI流水线因新CVE告警中断,立即扫描并执行修复,避免开发阻塞。
| Capability | Free | Pro |
|---|---|---|
| Basics / 基础 | ✅ | ✅ |
| Automation / 自动化 | — | ✅ |
| AI / AI 功能 | — | ✅ |
| Support | Community | Priority |
Published by King AI — kingai.work