Install
openclaw skills install @markjr/cve-alertsMonitor CVE feeds for security vulnerabilities matching your tech stack. Use when setting up vulnerability monitoring, configuring CVE alerts, adding/removing watch keywords, suppressing false positives, or managing alert policies. Supports RSS/JSON feeds, configurable watchlists, suppression rules, severity thresholds, and multiple alert modes (immediate email, daily digest, dashboard only).
openclaw skills install @markjr/cve-alertsMonitor security vulnerability feeds for products, packages, and services you care about.
Before using this skill, ensure:
mkdir -p ~/.config/cve-alerts
~/.config/cve-alerts/config.json:{
"feeds": ["https://cvefeed.io/rssfeed/severity/high.xml"],
"watchlist": ["node.js", "express", "nginx", "postgresql"],
"alertEmail": "security@example.com",
"alertPolicy": "immediate",
"dataDir": "~/.local/share/cve-alerts"
}
Run scanner: node scripts/cve-scanner.mjs
Set up timer for hourly scans (see references/deployment.md)
Add items to config.json watchlist array:
"postgresql", "nginx""lodash", "express""apache", "microsoft""mycompany-auth", "internal-api"Watchlist supports case-insensitive partial matching.
Create ~/.config/cve-alerts/suppressions.json:
{
"cves": ["CVE-2024-12345"],
"keywords": ["android", "ios"],
"patterns": [".*mobile.*"],
"temporary": [
{"cve": "CVE-2024-99999", "expires": "2026-06-01"}
]
}
cves — specific CVE IDs to ignorekeywords — terms that trigger false positivespatterns — regex patterns to excludetemporary — suppressions with expiry datesSet alertPolicy in config:
"immediate" — email on each new match"digest" — daily summary email"dashboard" — no email, dashboard onlySet minSeverity in config:
"critical" — CVSS 9.0+"high" — CVSS 7.0+ (default)"medium" — CVSS 4.0+"low" — all severitiesscripts/cve-scanner.mjs — main scanner (run directly or via timer)scripts/generate-dashboard.mjs — rebuild static dashboard HTMLreferences/config-schema.md — full configuration referencereferences/deployment.md — systemd timer and nginx setupFetch feed → Filter by severity → Match watchlist → Apply suppressions →
Save new matches → Update dashboard → Send alerts (per policy)
Scanner is idempotent — safe to run repeatedly, only alerts on net-new matches.