Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

seaworld008/grype-syft-sbom-scanner

Name: grype-syft-sbom-scanner
Author: seaworld008

openclaw-skills/grype-syft-sbom-scanner/SKILL.md

npx skillsauth add seaworld008/commonly-used-high-value-skills grype-syft-sbom-scanner

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Grype + Syft SBOM Scanner

Trigger / When to Use

Use this skill when the user wants SBOM-first vulnerability management, container image scanning, package inventory, or repeatable vulnerability scans using Anchore open-source tools Syft and Grype.

Good trigger phrases:

"generate an SBOM and scan it"
"scan this container with Grype"
"compare vulnerabilities between two images"
"produce CycloneDX or SPDX"
"scan a directory or archive for CVEs"
"make vulnerability results reproducible from SBOM"

Core Capabilities

Generate SBOMs from container images, directories, files, archives, and package metadata with Syft.
Scan container images, directories, SBOMs, and individual package identifiers with Grype.
Separate inventory generation from vulnerability matching for repeatable audits.
Compare scan results over time as vulnerability databases change.
Integrate SBOM and vulnerability outputs into CI/CD and release evidence.
Support SPDX, CycloneDX, and Syft JSON workflows.

Workflow

1. Pick the SBOM Strategy

Use one of these modes:

Direct Grype scan for quick triage.
Syft SBOM plus Grype scan for reproducibility.
Stored SBOM scan for release, compliance, or incident response.

Prefer SBOM-first when the result will be attached to a release, shared with customers, or compared later.

2. Verify Tools

syft version
grype version

If missing, install from official Anchore channels. Pin versions in CI when release evidence matters.

3. Generate an SBOM

For a container image:

syft registry.example.com/app:1.2.3 -o cyclonedx-json=sbom.cdx.json

For a local source or filesystem directory:

syft dir:. -o spdx-json=sbom.spdx.json

For Syft JSON:

syft packages . -o syft-json=sbom.syft.json

4. Scan with Grype

Scan an image directly:

grype registry.example.com/app:1.2.3

Scan a directory:

grype dir:.

Scan an SBOM:

grype sbom:sbom.cdx.json

Fail on high-severity findings in CI:

grype registry.example.com/app:1.2.3 --fail-on high

5. Produce Reports

grype sbom:sbom.cdx.json -o json > grype-results.json
grype sbom:sbom.cdx.json -o sarif > grype-results.sarif
grype sbom:sbom.cdx.json -o table

Retain:

SBOM file.
Scanner version.
Vulnerability DB update timestamp.
Image digest or git commit.
Grype output.

6. Triage Findings

For each finding, capture:

Vulnerability ID.
Package name, version, type, and location.
Match type and confidence.
Fixed version.
Image layer or file path when available.
Whether the package is runtime, build-only, or unused.

Prioritize runtime packages over build-only layers unless the build system is also in scope.

Common Patterns

Release Evidence Bundle

release-security/
  image-digest.txt
  sbom.cdx.json
  grype-results.json
  grype-results.sarif
  scanner-versions.txt
  accepted-risk.md

GitHub Actions Example

name: sbom-vuln-scan
on: [pull_request]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Generate SBOM
        run: syft dir:. -o cyclonedx-json=sbom.cdx.json
      - name: Scan SBOM
        run: grype sbom:sbom.cdx.json --fail-on high

Image Comparison

syft old-image:tag -o syft-json=old.sbom.json
syft new-image:tag -o syft-json=new.sbom.json
grype sbom:old.sbom.json -o json > old.vulns.json
grype sbom:new.sbom.json -o json > new.vulns.json

Summarize deltas by new, fixed, unchanged, and severity-changed vulnerabilities.

Interpretation Rules

An SBOM is an inventory, not a security verdict.
A vulnerability match can depend on package metadata quality.
Distro vendor advisories can disagree with NVD severity or fix status.
Image scans should use immutable digests for release evidence.
Re-scanning old SBOMs can show newly disclosed vulnerabilities without rebuilding artifacts.

Boundaries

Do not assume Grype and Trivy will produce identical results.
Do not delete packages blindly from images without checking runtime dependencies.
Do not publish SBOMs externally without approval; SBOMs reveal technology inventory.
Do not treat a missing fixed version as an automatic blocker without risk analysis.
Do not use SBOM-only results as proof that source code has no custom vulnerabilities.

Reference Sources

Anchore OSS docs: https://oss.anchore.com/docs/
Grype scan targets: https://oss.anchore.com/docs/guides/vulnerability/scan-targets/
Syft scan targets: https://oss.anchore.com/docs/guides/sbom/scan-targets/

seaworld008/grype-syft-sbom-scanner

openclaw-skills/grype-syft-sbom-scanner/SKILL.md

用于通过 Syft 生成 SBOM，并用 Grype 扫描容器镜像、文件系统、软件包、归档和 SBOM 漏洞。

25 stars

tools

Updated May 21, 2026

$ install --global

skillsauth

npx skillsauth add seaworld008/commonly-used-high-value-skills grype-syft-sbom-scanner

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: May 21, 2026, 4:59 AM204.7s1 file scanned

SKILL.md

name:: grype-syft-sbom-scanner
description:: 用于通过 Syft 生成 SBOM，并用 Grype 扫描容器镜像、文件系统、软件包、归档和 SBOM 漏洞。
version:: 1.0.0
author:: seaworld008
source:: in-house
tags:: [security, sbom, vulnerability-scanning, grype, syft, container-security, supply-chain, cve]
created_at:: 2026-05-20
updated_at:: 2026-05-20
quality:: 4
complexity:: advanced

Grype + Syft SBOM Scanner

Trigger / When to Use

Use this skill when the user wants SBOM-first vulnerability management, container image scanning, package inventory, or repeatable vulnerability scans using Anchore open-source tools Syft and Grype.

Good trigger phrases:

"generate an SBOM and scan it"
"scan this container with Grype"
"compare vulnerabilities between two images"
"produce CycloneDX or SPDX"
"scan a directory or archive for CVEs"
"make vulnerability results reproducible from SBOM"

Core Capabilities

Generate SBOMs from container images, directories, files, archives, and package metadata with Syft.
Scan container images, directories, SBOMs, and individual package identifiers with Grype.
Separate inventory generation from vulnerability matching for repeatable audits.
Compare scan results over time as vulnerability databases change.
Integrate SBOM and vulnerability outputs into CI/CD and release evidence.
Support SPDX, CycloneDX, and Syft JSON workflows.

Workflow

1. Pick the SBOM Strategy

Use one of these modes:

Direct Grype scan for quick triage.
Syft SBOM plus Grype scan for reproducibility.
Stored SBOM scan for release, compliance, or incident response.

Prefer SBOM-first when the result will be attached to a release, shared with customers, or compared later.

2. Verify Tools

syft version
grype version

If missing, install from official Anchore channels. Pin versions in CI when release evidence matters.

3. Generate an SBOM

For a container image:

syft registry.example.com/app:1.2.3 -o cyclonedx-json=sbom.cdx.json

For a local source or filesystem directory:

syft dir:. -o spdx-json=sbom.spdx.json

For Syft JSON:

syft packages . -o syft-json=sbom.syft.json

4. Scan with Grype

Scan an image directly:

grype registry.example.com/app:1.2.3

Scan a directory:

grype dir:.

Scan an SBOM:

grype sbom:sbom.cdx.json

Fail on high-severity findings in CI:

grype registry.example.com/app:1.2.3 --fail-on high

5. Produce Reports

grype sbom:sbom.cdx.json -o json > grype-results.json
grype sbom:sbom.cdx.json -o sarif > grype-results.sarif
grype sbom:sbom.cdx.json -o table

Retain:

SBOM file.
Scanner version.
Vulnerability DB update timestamp.
Image digest or git commit.
Grype output.

6. Triage Findings

For each finding, capture:

Vulnerability ID.
Package name, version, type, and location.
Match type and confidence.
Fixed version.
Image layer or file path when available.
Whether the package is runtime, build-only, or unused.

Prioritize runtime packages over build-only layers unless the build system is also in scope.

Common Patterns

Release Evidence Bundle

release-security/
  image-digest.txt
  sbom.cdx.json
  grype-results.json
  grype-results.sarif
  scanner-versions.txt
  accepted-risk.md

GitHub Actions Example

name: sbom-vuln-scan
on: [pull_request]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Generate SBOM
        run: syft dir:. -o cyclonedx-json=sbom.cdx.json
      - name: Scan SBOM
        run: grype sbom:sbom.cdx.json --fail-on high

Image Comparison

syft old-image:tag -o syft-json=old.sbom.json
syft new-image:tag -o syft-json=new.sbom.json
grype sbom:old.sbom.json -o json > old.vulns.json
grype sbom:new.sbom.json -o json > new.vulns.json

Summarize deltas by new, fixed, unchanged, and severity-changed vulnerabilities.

Interpretation Rules

An SBOM is an inventory, not a security verdict.
A vulnerability match can depend on package metadata quality.
Distro vendor advisories can disagree with NVD severity or fix status.
Image scans should use immutable digests for release evidence.
Re-scanning old SBOMs can show newly disclosed vulnerabilities without rebuilding artifacts.

Boundaries

Do not assume Grype and Trivy will produce identical results.
Do not delete packages blindly from images without checking runtime dependencies.
Do not publish SBOMs externally without approval; SBOMs reveal technology inventory.
Do not treat a missing fixed version as an automatic blocker without risk analysis.
Do not use SBOM-only results as proof that source code has no custom vulnerabilities.

Reference Sources

Anchore OSS docs: https://oss.anchore.com/docs/
Grype scan targets: https://oss.anchore.com/docs/guides/vulnerability/scan-targets/
Syft scan targets: https://oss.anchore.com/docs/guides/sbom/scan-targets/

Related Skills

seaworld008/lark-wiki

development

VerifiedTrustedCommunity

飞书知识库：管理知识空间、空间成员和文档节点。创建和查询知识空间、查看和管理空间成员、管理节点层级结构、在知识库中组织文档和快捷方式。当用户需要在知识库中查找或创建文档、浏览知识空间结构、查看或管理空间成员、移动或复制节点时使用。当用户给出 doubao.com 的 /wiki/ URL/token 时，也应直接使用本 skill，不要因为域名不是飞书而回退到 WebFetch；路由依据是 URL 路径模式和 token，而不是域名。

34SKILL.mdUpdated Jun 4, 2026

seaworld008/lark-wiki

seaworld008/lark-whiteboard

tools

VerifiedTrustedCommunity

飞书画板：查询和编辑飞书云文档中的画板。支持导出画板为预览图片、导出原始节点结构、使用 DSL（转成 OpenAPI 格式）、PlantUML/Mermaid 格式更新画板内容。当用户需要查看画板内容、导出画板图片、编辑画板，或是需要可视化表达架构、流程、组织关系、时间线、因果、对比等结构化信息时使用此 skill，无论是否提及\"画板\"。 ⚠️ 原 `lark-whiteboard-cli` skill 已合并至本 skill，若 skill 列表中同时存在 `lark-whiteboard-cli`，请忽略它，统一使用本 skill（`lark-whiteboard`），并提示用户运行 `npx skills remove lark-whiteboard-cli -g` 删除旧 skill。

34SKILL.mdUpdated Jun 4, 2026

seaworld008/lark-whiteboard

seaworld008/lark-vc

testing

VerifiedTrustedCommunity

飞书视频会议：搜索历史会议、查询会议纪要产物（总结、待办、章节、逐字稿）、查询会议参会人快照。1. 查询已经结束的会议数量或详情时使用本技能（如历史日期｜昨天｜上周｜今天已经开过的会议等场景），查询未开始的会议日程使用 lark-calendar 技能。2. 支持通过关键词、时间范围、组织者、参与者、会议室等筛选条件搜索会议。3. 获取或整理会议纪要、逐字稿、录制产物时使用本技能。4. 查询“谁参加过某会议”“参会人列表”等参会人快照信息用 vc meeting get --with-participants（任意时点可查，含已结束会议）。注意：**Agent 真实入会/离会、感知正在进行中会议的实时事件**请使用 lark-vc-agent 技能，本技能不覆盖写操作和会中事件流。

34SKILL.mdUpdated Jun 4, 2026

seaworld008/lark-vc-agent

data-ai

VerifiedTrustedCommunity

飞书会议机器人入会、离会和会中事件读取。

34SKILL.mdUpdated Jun 4, 2026

seaworld008/lark-vc-agent

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/seaworld008/commonly-used-high-value-skills.git

# Copy into Claude Code skills folder (global)
cp -r commonly-used-high-value-skills/openclaw-skills/grype-syft-sbom-scanner ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

seaworld008/commonly-used-high-value-skills

25 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT