An OpenClaw skill for monitoring CVE feeds and alerting on vulnerabilities matching your tech stack.
- Configurable watchlist — products, packages, vendors, internal service names
- Suppression rules — filter out false positives by CVE ID, keyword, or regex pattern
- Multiple alert channels — email, Telegram, or dashboard-only
- Multi-feed support — monitor multiple RSS/JSON vulnerability feeds
- Static dashboard — auto-generated HTML dashboard for quick review
cd cve-alerts
npm installmkdir -p ~/.config/cve-alertsCreate ~/.config/cve-alerts/config.json:
{
"feeds": ["https://cvefeed.io/rssfeed/severity/high.xml"],
"watchlist": ["nginx", "node.js", "postgresql", "redis"],
"alertEmail": "security@example.com",
"alertPolicy": "immediate",
"dataDir": "~/.local/share/cve-alerts",
"credentialsPath": "~/.config/cve-alerts/email.json"
}Create ~/.config/cve-alerts/email.json:
{
"email": "alerts@example.com",
"password": "your-app-password",
"smtp": {
"host": "smtp.example.com",
"port": 587,
"secure": false
}
}npm run scanSee references/deployment.md for systemd timer and cron examples.
Add any terms you want to monitor:
{
"watchlist": [
"nginx",
"node.js",
"express",
"postgresql",
"redis",
"your-internal-service"
]
}Matching is case-insensitive and partial (e.g., "node" matches "node.js").
Create ~/.config/cve-alerts/suppressions.json to filter false positives:
{
"cves": ["CVE-2024-12345"],
"keywords": ["android", "ios", "windows"],
"patterns": [".*wordpress.*plugin.*"],
"temporary": [
{"cve": "CVE-2024-99999", "expires": "2026-07-01"}
]
}| Policy | Behavior |
|---|---|
immediate |
Email + Telegram on each new match |
digest |
Collect matches, send daily summary |
dashboard |
No email, dashboard only |
| File | Description |
|---|---|
SKILL.md |
OpenClaw skill definition |
scripts/cve-scanner.mjs |
Main scanner script |
scripts/generate-dashboard.mjs |
Dashboard generator |
references/config-schema.md |
Full configuration reference |
references/deployment.md |
Deployment guide |
This repository is structured as an AgentSkill. To use it:
- Clone to your skills directory
- Reference from your OpenClaw configuration
- The agent will use it when setting up CVE monitoring
MIT — see LICENSE
Issues and PRs welcome. Please include test cases for new features.