security 2 credits · ~$0.030 <500ms
Vulnerability Scanner
POST /v1/scan/vulnerabilities Checks package names against the OSV (Open Source Vulnerabilities) database and returns the CVEs and GHSAs affecting them — before dependencies are installed.
Capabilities
- ✓ OSV / CVE / GHSA lookup
- ✓ PyPI, npm, crates.io, Go
- ✓ Severity and aliases per finding
- ✓ Batch queries
Use cases
- → Post-validation dependency safety
- → Supply-chain gates
- → Agent-written build and lock files
example
curl -X POST https://api.agent-toolbox.ai/v1/scan/vulnerabilities \
-H "Content-Type: application/json" \
-d '{"packages": [{"name": "lodash", "version": "4.17.15", "ecosystem": "npm"}]}' response shape
{
"verdict": "PASS" | "FLAG" | "BLOCK",
// tool-specific findings…
"certificate": "sha256:..."
}