[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"extension-skill-backnotprop-update-deps-en":3,"guides-for-backnotprop-update-deps":452,"similar-k17epwgww303ges9rj8zcvtkc986nh6d-en":453},{"_creationTime":4,"_id":5,"children":6,"community":7,"display":9,"evaluation":15,"identity":245,"isFallback":240,"parentExtension":250,"providers":251,"relations":256,"repo":258,"tags":449,"workflow":450},1778682919003.7283,"k17epwgww303ges9rj8zcvtkc986nh6d",[],{"reviewCount":8},0,{"description":10,"installMethods":11,"name":13,"sourceUrl":14},"Audit and update npm/Bun dependencies with supply chain integrity checks — verifies maintainers, publish age, tarball diffs, and provenance before bumping. Defers risky packages to ~/.supply-chain/notes/.",{"claudeCode":12},"backnotprop/plannotator","update-deps","https://github.com/backnotprop/plannotator",{"_creationTime":16,"_id":17,"extensionId":5,"locale":18,"result":19,"trustSignals":226,"workflow":243},1778683088083.2546,"kn76qnxy581jce3h228bb3vetx86njnp","en",{"checks":20,"evaluatedAt":192,"extensionSummary":193,"features":194,"nonGoals":200,"promptVersionExtension":205,"promptVersionScoring":206,"purpose":207,"rationale":208,"score":209,"summary":210,"tags":211,"targetMarket":219,"tier":220,"useCases":221},[21,26,29,32,36,39,43,47,51,54,58,62,65,69,72,75,78,81,84,87,91,95,99,103,107,110,114,117,121,124,127,130,133,136,139,143,147,150,153,157,160,163,166,169,173,176,179,182,185,189],{"category":22,"check":23,"severity":24,"summary":25},"Practical Utility","Problem relevance","pass","The description clearly identifies the problem of auditing and updating npm/Bun dependencies while ensuring supply chain integrity, and specifies the user intent of verifying maintainers, publish age, tarball diffs, and provenance before bumping.",{"category":22,"check":27,"severity":24,"summary":28},"Unique selling proposition","The extension offers significant value beyond basic dependency updates by implementing detailed supply chain integrity 
checks (maintainer verification, publish age, provenance, tarball diffs) and a structured deferral process for risky packages, which is more than a thin wrapper.",{"category":22,"check":30,"severity":24,"summary":31},"Production readiness","The extension is production-ready, covering the complete lifecycle of dependency auditing and updating with detailed phases, sub-agent prompts for integrity checks, and clear execution steps.",{"category":33,"check":34,"severity":24,"summary":35},"Scope","Single responsibility principle","The extension focuses solely on auditing and updating npm/Bun dependencies with supply chain checks, a coherent domain.",{"category":33,"check":37,"severity":24,"summary":38},"Description quality","The displayed description accurately reflects the extension's functionality of auditing and updating dependencies with supply chain integrity checks and deferring risky packages.",{"category":40,"check":41,"severity":24,"summary":42},"Invocation","Scoped tools","The skill uses distinct prompts for sub-agents performing specific verification tasks (maintainer verification, publish date, provenance, tarball diff, release notes) rather than a single generalist tool.",{"category":44,"check":45,"severity":24,"summary":46},"Documentation","Configuration & parameter reference","The SKILL.md documents all parameters for sub-agent prompts, including package details, versions, and verdict guidelines, with clear JSON output structure.",{"category":33,"check":48,"severity":49,"summary":50},"Tool naming","not_applicable","This is a skill, not a set of distinct tools with user-facing commands.",{"category":33,"check":52,"severity":24,"summary":53},"Minimal I/O surface","The sub-agent prompt template clearly defines the expected JSON output with specific fields for package auditing, and the input parameters are well-defined package details.",{"category":55,"check":56,"severity":24,"summary":57},"License","License usability","The extension is licensed under both 
Apache-2.0 and MIT licenses, as indicated in the README and LICENSE files.",{"category":59,"check":60,"severity":24,"summary":61},"Maintenance","Commit recency","The repository shows recent commits, with the last commit on 2026-05-13, indicating active maintenance.",{"category":59,"check":63,"severity":24,"summary":64},"Dependency Management","The extension itself manages dependencies for Bun and npm, and the SKILL.md outlines a robust process for auditing and updating them, including a mechanism for age gate exclusions.",{"category":66,"check":67,"severity":24,"summary":68},"Security","Secret Management","The extension does not appear to handle or expose secrets; it focuses on package auditing. No secrets are visible in the provided code or documentation.",{"category":66,"check":70,"severity":24,"summary":71},"Injection","The skill's sub-agent prompt template explicitly structures inputs and expects JSON output, mitigating risks of prompt injection. It treats package data as untrusted and specifies checks for suspicious patterns.",{"category":66,"check":73,"severity":24,"summary":74},"Transitive Supply-Chain Grenades","The extension relies on `bun outdated`, `npm view`, and `npm diff` which are executed locally. It does not fetch external code or markdown at runtime for execution, thus avoiding transitive supply-chain risks.",{"category":66,"check":76,"severity":24,"summary":77},"Sandbox Isolation","The skill orchestrates local commands like `bun outdated` and `npm view`. It does not attempt to modify files outside of its designated output paths or interact with external systems in a way that would violate sandbox isolation.",{"category":66,"check":79,"severity":24,"summary":80},"Sandbox escape primitives","The SKILL.md describes the use of sub-agents for specific tasks and local command execution. 
There is no indication of detached processes or retry loops around denied tool calls.",{"category":66,"check":82,"severity":24,"summary":83},"Data Exfiltration","The extension's primary function is local package auditing. It does not read or submit confidential data to third parties. Output is logged locally to `~/.supply-chain/notes/`.",{"category":66,"check":85,"severity":24,"summary":86},"Hidden Text Tricks","The bundled SKILL.md and README.md appear to be clean, using standard markdown and no hidden text tricks or suspicious Unicode characters.",{"category":88,"check":89,"severity":24,"summary":90},"Hooks","Opaque code execution","The SKILL.md describes using sub-agents and local CLI commands (`bun`, `npm`). There is no mention of obfuscated code, base64 payloads, or runtime fetched scripts.",{"category":92,"check":93,"severity":24,"summary":94},"Portability","Structural Assumption","The skill makes no structural assumptions about the user's project organization outside of expecting `bunfig.toml` to exist for age gate exclusions and writing to `~/.supply-chain/notes/`.",{"category":96,"check":97,"severity":24,"summary":98},"Trust","Issues Attention","With 64 issues opened and 125 closed in the last 90 days, the closure rate is high, indicating active maintainer engagement.",{"category":100,"check":101,"severity":24,"summary":102},"Versioning","Release Management","The repository has a CHANGELOG.md and a recent push date, indicating a managed release process. 
While a specific version number isn't explicitly called out in the SKILL.md frontmatter, the commit history suggests versioning is managed.",{"category":104,"check":105,"severity":24,"summary":106},"Execution","Validation","The SKILL.md details the expected JSON output structure for sub-agents and specifies validation criteria for verdicts (safe, review, defer).",{"category":66,"check":108,"severity":24,"summary":109},"Unguarded Destructive Operations","The `bun update` command is the most destructive operation, but it is guarded by a thorough preceding audit phase. The output is logged locally, and deferred packages are clearly marked for review rather than updated automatically.",{"category":111,"check":112,"severity":24,"summary":113},"Code Execution","Error Handling","The SKILL.md outlines how to handle sub-agent failures ('audit failed') and specifies a JSON structure with verdicts, including reasons, which allows for meaningful error reporting.",{"category":111,"check":115,"severity":24,"summary":116},"Logging","The extension logs all audit results, including bumped, deferred, and excluded packages, to `~/.supply-chain/notes/` in a structured JSON format.",{"category":118,"check":119,"severity":49,"summary":120},"Compliance","GDPR","The extension operates on package metadata and local configuration files, not personal data.",{"category":118,"check":122,"severity":24,"summary":123},"Target market","The extension is a developer tool for package management and has no geographical or legal restrictions, making it global.",{"category":92,"check":125,"severity":24,"summary":126},"Runtime stability","The extension relies on standard Node.js/Bun tools (`bun`, `npm`) and appears to be cross-platform compatible based on the use of standard shell commands and relative paths.",{"category":44,"check":128,"severity":24,"summary":129},"README","The README.md provides a comprehensive overview of the Plannotator project, its features, installation, and licensing, complementing the 
SKILL.md.",{"category":33,"check":131,"severity":49,"summary":132},"Tool surface size","This is a skill that orchestrates internal processes and external CLI tools, not one that exposes multiple distinct tools.",{"category":40,"check":134,"severity":24,"summary":135},"Overlapping near-synonym tools","The skill uses distinct phases and sub-agent tasks (discovery, audit, execution), avoiding overlapping near-synonym operations.",{"category":44,"check":137,"severity":24,"summary":138},"Phantom features","All advertised features related to dependency auditing and supply chain checks are implemented and described in the SKILL.md.",{"category":140,"check":141,"severity":24,"summary":142},"Install","Installation instruction","The README provides clear installation instructions for various platforms and agents, including copy-pasteable commands and plugin installation steps for Claude Code.",{"category":144,"check":145,"severity":24,"summary":146},"Errors","Actionable error messages","The SKILL.md specifies how sub-agents should report verdicts with reasons and suggests handling 'audit failed' errors, providing a basis for actionable error messages.",{"category":104,"check":148,"severity":24,"summary":149},"Pinned dependencies","The SKILL.md explicitly mentions updating dependencies and suggests using `bunfig.toml` for age gate exclusions, implying that dependencies and lockfiles are managed.",{"category":33,"check":151,"severity":24,"summary":152},"Dry-run preview","The entire audit phase acts as a dry-run for the `bun update` command, with packages categorized and deferred before any actual updates are applied.",{"category":154,"check":155,"severity":24,"summary":156},"Protocol","Idempotent retry & timeouts","The extension orchestrates local commands. 
Failures in sub-agents are handled, and the `bun update` command is a single execution step that is preceded by a thorough audit, implying robustness against retries.",{"category":118,"check":158,"severity":24,"summary":159},"Telemetry opt-in","The extension logs its output locally to `~/.supply-chain/notes/` and does not appear to emit any telemetry to third parties.",{"category":40,"check":161,"severity":24,"summary":162},"Precise Purpose","The SKILL.md clearly states the purpose is to audit and update npm/Bun dependencies with supply chain integrity checks, and details the process (discovery, audit, execution) and deferral of risky packages.",{"category":40,"check":164,"severity":24,"summary":165},"Concise Frontmatter","The frontmatter is concise and effectively summarizes the core capability of auditing and updating dependencies with supply chain checks.",{"category":44,"check":167,"severity":24,"summary":168},"Concise Body","The SKILL.md is well-structured with distinct phases and uses progressive disclosure for details like sub-agent prompts and logging formats, staying within reasonable length.",{"category":170,"check":171,"severity":24,"summary":172},"Context","Progressive Disclosure","The SKILL.md breaks down the process into phases and provides detailed prompts and logging formats, implying further details could be externalized if needed, adhering to progressive disclosure principles.",{"category":170,"check":174,"severity":49,"summary":175},"Forked exploration","This skill performs a specific, bounded task of dependency updating and auditing rather than deep exploration or code review that would necessitate a forked context.",{"category":22,"check":177,"severity":24,"summary":178},"Usage examples","The SKILL.md provides clear examples for running `bun outdated` and demonstrates the structure of the expected JSON output from sub-agents, allowing users to understand the process.",{"category":22,"check":180,"severity":24,"summary":181},"Edge cases","The 
SKILL.md documents failure modes like 'audit failed' and addresses age gate conflicts, including a mechanism for exclusions and defining package tiers, indicating handling of edge cases.",{"category":111,"check":183,"severity":49,"summary":184},"Tool Fallback","The extension orchestrates local CLI tools (bun, npm) and sub-agents, not external MCP servers, so this check is not applicable.",{"category":186,"check":187,"severity":24,"summary":188},"Safety","Halt on unexpected state","The process clearly mandates an audit phase before any updates are applied, and deferred packages are logged for manual review, preventing destructive actions on unexpected states.",{"category":92,"check":190,"severity":24,"summary":191},"Cross-skill coupling","The skill is self-contained and focuses on dependency management, with no apparent reliance on other specific skills.",1778683087964,"This skill audits npm/Bun dependencies by verifying maintainers, publish age, tarball diffs, and provenance. It uses a multi-phase approach with sub-agents for integrity checks before safely updating or deferring risky packages. Results are logged locally.",[195,196,197,198,199],"Audits npm/Bun dependencies for supply chain integrity","Verifies maintainers, publish age, tarball diffs, and provenance","Safely bumps dependencies based on audit results","Defers risky packages for manual review","Logs all audit and update results locally",[201,202,203,204],"Automatically updating all dependencies without review","Handling non-npm/Bun package managers","Performing code-level security analysis of the project's own codebase","Replacing a full CI/CD pipeline","3.0.0","4.4.0","To ensure the integrity and security of project dependencies by performing thorough supply chain checks before updating packages, minimizing risks associated with outdated or compromised libraries.","Excellent adherence to all checks, particularly in security, documentation, and practical utility for dependency management. 
The detailed audit process and clear error handling contribute to its high score.",98,"A robust skill for auditing and updating npm/Bun dependencies with strong supply chain integrity checks.",[212,213,214,215,216,217,218],"dependencies","npm","bun","supply-chain","auditing","security","developer-tools","global","verified",[222,223,224,225],"When updating project dependencies to the latest versions","When a project's dependencies haven't been updated in a while","Before merging a pull request that includes dependency updates","To proactively identify and mitigate supply chain risks in project dependencies",{"codeQuality":227,"collectedAt":229,"documentation":230,"maintenance":233,"security":239,"testCoverage":242},{"hasLockfile":228},true,1778683055691,{"descriptionLength":231,"readmeSize":232},204,8992,{"closedIssues90d":234,"forks":235,"hasChangelog":228,"openIssues90d":236,"pushedAt":237,"stars":238},125,363,64,1778682278000,5267,{"hasNpmPackage":240,"license":241,"smitheryVerified":240},false,"Apache-2.0",{"hasCi":228,"hasTests":228},{"updatedAt":244},1778683088083,{"basePath":246,"githubOwner":247,"githubRepo":248,"locale":18,"slug":13,"type":249},".agents/skills/update-deps","backnotprop","plannotator","skill",null,{"evaluate":252,"extract":254},{"promptVersionExtension":205,"promptVersionScoring":206,"score":209,"tags":253,"targetMarket":219,"tier":220},[212,213,214,215,216,217,218],{"commitSha":255},"HEAD",{"repoId":257},"kd78wavmsqx3xwvse964rbj4d986m9r5",{"_creationTime":259,"_id":257,"identity":260,"providers":261,"workflow":445},1778682913452.569,{"githubOwner":247,"githubRepo":248,"sourceUrl":14},{"classify":262,"discover":429,"github":432},{"commitSha":255,"extensions":263},[264,279,299,315,324,339,347,352,360,375,383,391,401,417],{"basePath":265,"displayName":248,"installMethods":266,"rationale":267,"selectedPaths":268,"source":277,"sourceLanguage":18,"type":278},"",{"claudeCode":12},"marketplace.json at .claude-plugin/marketplace.json (coalesced with 
duplicate marketplace at .github/plugin)",[269,272,274],{"path":270,"priority":271},".claude-plugin/marketplace.json","mandatory",{"path":273,"priority":271},"README.md",{"path":275,"priority":276},"LICENSE-APACHE","high","rule","marketplace",{"basePath":280,"description":281,"displayName":248,"installMethods":282,"rationale":283,"selectedPaths":284,"source":277,"sourceLanguage":18,"type":298},"apps/hook","Interactive Plan Review: Mark up and refine your plans using a UI, easily share for team collaboration, automatically integrates with plan mode hooks.",{"claudeCode":248},"plugin manifest at apps/hook/.claude-plugin/plugin.json",[285,287,288,290,292,294,296],{"path":286,"priority":271},".claude-plugin/plugin.json",{"path":273,"priority":271},{"path":289,"priority":276},"commands/plannotator-annotate.md",{"path":291,"priority":276},"commands/plannotator-archive.md",{"path":293,"priority":276},"commands/plannotator-last.md",{"path":295,"priority":276},"commands/plannotator-review.md",{"path":297,"priority":276},"hooks/hooks.json","plugin",{"basePath":300,"description":301,"displayName":302,"installMethods":303,"license":304,"rationale":305,"selectedPaths":306,"source":277,"sourceLanguage":18,"type":298},"apps/copilot","Interactive Plan & Code Review for GitHub Copilot CLI. Visual annotations, team sharing, structured feedback.","plannotator-copilot",{"claudeCode":302},"MIT OR Apache-2.0","plugin manifest at apps/copilot/plugin.json",[307,309,310,311,312,313],{"path":308,"priority":271},"plugin.json",{"path":273,"priority":271},{"path":289,"priority":276},{"path":293,"priority":276},{"path":295,"priority":276},{"path":314,"priority":271},"hooks.json",{"basePath":316,"description":317,"displayName":318,"installMethods":319,"rationale":320,"selectedPaths":321,"source":277,"sourceLanguage":18,"type":249},".agents/skills/pierre-guard","Guard against breaking the @pierre/diffs integration in Plannotator's code review UI. 
Use this skill whenever modifying DiffViewer.tsx, upgrading the @pierre/diffs package, changing unsafeCSS injection, adding new props to FileDiff, or touching shadow DOM selectors or CSS variables that cross into Pierre's shadow boundary. Also trigger when someone asks \"will this break the diff viewer\", \"is this safe to change\", or when reviewing PRs that touch the review-editor package.","pierre-guard",{"claudeCode":12},"SKILL.md frontmatter at .agents/skills/pierre-guard/SKILL.md",[322],{"path":323,"priority":271},"SKILL.md",{"basePath":325,"description":326,"displayName":327,"installMethods":328,"rationale":329,"selectedPaths":330,"source":277,"sourceLanguage":18,"type":249},".agents/skills/release","Prepare and execute a Plannotator release — draft release notes with full contributor credit, bump versions across all package files, build in dependency order, and kick off the tag-driven release pipeline. Use this skill whenever the user mentions preparing a release, bumping versions, writing release notes, tagging a release, or publishing. Also trigger when the user says things like \"let's ship\", \"prep a release\", \"what's changed since last release\", or \"time to cut a new version\".","release-plannotator",{"claudeCode":12},"SKILL.md frontmatter at .agents/skills/release/SKILL.md",[331,332,335,337],{"path":323,"priority":271},{"path":333,"priority":334},"references/release-notes-v0.12.0.md","medium",{"path":336,"priority":334},"references/release-notes-v0.13.0.md",{"path":338,"priority":334},"references/release-notes-v0.13.1.md",{"basePath":340,"description":341,"displayName":342,"installMethods":343,"rationale":344,"selectedPaths":345,"source":277,"sourceLanguage":18,"type":249},".agents/skills/review-renovate","Review Renovate bot PRs that update GitHub Actions dependencies. 
Verifies supply chain integrity by checking pinned commit SHAs against upstream tagged releases, reviews changelogs for breaking changes, and confirms compatibility with existing workflow configurations. Use when a Renovate PR updates GitHub Actions in .github/workflows/.","review-renovate",{"claudeCode":12},"SKILL.md frontmatter at .agents/skills/review-renovate/SKILL.md",[346],{"path":323,"priority":271},{"basePath":246,"description":10,"displayName":13,"installMethods":348,"rationale":349,"selectedPaths":350,"source":277,"sourceLanguage":18,"type":249},{"claudeCode":12},"SKILL.md frontmatter at .agents/skills/update-deps/SKILL.md",[351],{"path":323,"priority":271},{"basePath":353,"description":354,"displayName":355,"installMethods":356,"rationale":357,"selectedPaths":358,"source":277,"sourceLanguage":18,"type":249},"apps/skills/plannotator-annotate","Open Plannotator's annotation UI for a markdown file, converted HTML file, URL, or folder and then respond to the returned annotations.","plannotator-annotate",{"claudeCode":12},"SKILL.md frontmatter at apps/skills/plannotator-annotate/SKILL.md",[359],{"path":323,"priority":271},{"basePath":361,"description":362,"displayName":363,"installMethods":364,"rationale":365,"selectedPaths":366,"source":277,"sourceLanguage":18,"type":249},"apps/skills/plannotator-compound","Analyze a user's Plannotator plan archive to extract denial patterns, feedback taxonomy, evolution over time, and actionable prompt improvements — then produce a polished HTML dashboard report. 
Falls back to Claude Code ExitPlanMode denial reasons when Plannotator data is unavailable.\n","plannotator-compound",{"claudeCode":12},"SKILL.md frontmatter at apps/skills/plannotator-compound/SKILL.md",[367,368,371,373],{"path":323,"priority":271},{"path":369,"priority":370},"assets/report-template.html","low",{"path":372,"priority":334},"references/claude-code-fallback.md",{"path":374,"priority":370},"scripts/extract_exit_plan_mode_outcomes.py",{"basePath":376,"description":377,"displayName":378,"installMethods":379,"rationale":380,"selectedPaths":381,"source":277,"sourceLanguage":18,"type":249},"apps/skills/plannotator-last","Open Plannotator on the latest rendered assistant message and use the returned annotations to revise that message or continue.","plannotator-last",{"claudeCode":12},"SKILL.md frontmatter at apps/skills/plannotator-last/SKILL.md",[382],{"path":323,"priority":271},{"basePath":384,"description":385,"displayName":386,"installMethods":387,"rationale":388,"selectedPaths":389,"source":277,"sourceLanguage":18,"type":249},"apps/skills/plannotator-review","Open Plannotator's browser-based code review UI for the current worktree or a pull request URL, then act on the feedback that comes back.","plannotator-review",{"claudeCode":12},"SKILL.md frontmatter at apps/skills/plannotator-review/SKILL.md",[390],{"path":323,"priority":271},{"basePath":392,"description":393,"displayName":394,"installMethods":395,"rationale":396,"selectedPaths":397,"source":277,"sourceLanguage":18,"type":249},"apps/skills/plannotator-setup-goal","Create reviewed Codex goal setup packages for long-running /goal work. 
Use when the user wants to turn an idea, backlog, project mission, or vague objective into durable goal files under a project goals slug folder, with Plannotator review gates for brief, narrative plan with acceptance criteria, verification, blockers, and the final /goal prompt.","plannotator-setup-goal",{"claudeCode":12},"SKILL.md frontmatter at apps/skills/plannotator-setup-goal/SKILL.md",[398,399],{"path":323,"priority":271},{"path":400,"priority":370},"scripts/scaffold_goal.py",{"basePath":402,"description":403,"displayName":404,"installMethods":405,"rationale":406,"selectedPaths":407,"source":277,"sourceLanguage":18,"type":249},"apps/skills/plannotator-visual-explainer","Generate self-contained HTML visualizations with Plannotator theming. Use for implementation plans, PR explainers, architecture diagrams, data tables, slide decks, and any visual explanation of technical concepts. Plans and PR explainers follow Plannotator's prescriptive approach; all other visual content delegates to nicobailon/visual-explainer.\n","plannotator-visual-explainer",{"claudeCode":12},"SKILL.md frontmatter at apps/skills/plannotator-visual-explainer/SKILL.md",[408,409,411,413,415],{"path":323,"priority":271},{"path":410,"priority":334},"references/design-system.md",{"path":412,"priority":334},"references/pr-components.md",{"path":414,"priority":334},"references/svg-patterns.md",{"path":416,"priority":334},"references/theme-override.md",{"basePath":265,"description":418,"displayName":248,"installMethods":419,"license":304,"rationale":420,"selectedPaths":421,"source":277,"sourceLanguage":18,"type":428},"Interactive Plan Review for Claude Code - annotate plans visually, share with team, automatically send feedback",{"npm":248},"cli ecosystem detected at 
/",[422,424,425,426],{"path":423,"priority":271},"package.json",{"path":273,"priority":271},{"path":275,"priority":276},{"path":427,"priority":334},"bin/plannotator.js","cli",{"sources":430},[431],"manual",{"closedIssues90d":234,"description":433,"forks":235,"homepage":434,"license":241,"openIssues90d":236,"pushedAt":237,"readmeSize":232,"stars":238,"topics":435},"Annotate and review coding agent plans and code diffs visually, share with your team, send feedback to agents with one click.","https://plannotator.ai",[436,437,438,439,440,441,442,443,444],"claude-code","opencode","obsidian","pi-mono","plan-mode","codex","agents","code-review","skills",{"classifiedAt":446,"discoverAt":447,"extractAt":448,"githubAt":448,"updatedAt":446},1778682918806,1778682913452,1778682916808,[216,214,212,218,213,217,215],{"evaluatedAt":244,"extractAt":451,"updatedAt":244},1778682919003,[],[454,483,510,537,565,593],{"_creationTime":455,"_id":456,"community":457,"display":458,"identity":464,"providers":468,"relations":476,"tags":479,"workflow":480},1778695548458.3328,"k17cyw0d6mk1vdgew2xmncx1f186npdm",{"reviewCount":8},{"description":459,"installMethods":460,"name":462,"sourceUrl":463},"Audit project dependencies for version staleness, security vulnerabilities, and compatibility issues. Covers lock file analysis, upgrade path planning, and breaking change assessment. 
Use before a release to ensure dependencies are current and secure, during periodic maintenance reviews, after receiving a security advisory, when upgrading to a new language version, before submitting to CRAN or npm, or when inheriting a project to assess its dependency health.\n",{"claudeCode":461},"pjt222/agent-almanac","audit-dependency-versions","https://github.com/pjt222/agent-almanac",{"basePath":465,"githubOwner":466,"githubRepo":467,"locale":18,"slug":462,"type":249},"skills/audit-dependency-versions","pjt222","agent-almanac",{"evaluate":469,"extract":475},{"promptVersionExtension":205,"promptVersionScoring":206,"score":470,"tags":471,"targetMarket":219,"tier":220},100,[212,216,217,472,473,474],"upgrades","versioning","maintenance",{"commitSha":255},{"parentExtensionId":477,"repoId":478},"k170h0janaa9kwn7cfgfz2ykss86mmh9","kd7aryv63z61j39n2td1aeqkvh86mh12",[216,212,474,217,472,473],{"evaluatedAt":481,"extractAt":482,"updatedAt":481},1778696062378,1778695548458,{"_creationTime":484,"_id":485,"community":486,"display":487,"identity":493,"providers":497,"relations":504,"tags":506,"workflow":507},1778695753353.633,"k17fxb9fnez7bhk0sy8znxzx8n86m48r",{"reviewCount":8},{"description":488,"installMethods":489,"name":491,"sourceUrl":492},"Drift detection + baseline integrity guard for agent workspace files with automatic alerting 
support",{"claudeCode":490},"prompt-security/clawsec","soul-guardian","https://github.com/prompt-security/clawsec",{"basePath":494,"githubOwner":495,"githubRepo":496,"locale":18,"slug":491,"type":249},"skills/soul-guardian","prompt-security","clawsec",{"evaluate":498,"extract":503},{"promptVersionExtension":205,"promptVersionScoring":206,"score":470,"tags":499,"targetMarket":219,"tier":220},[217,500,216,501,502],"integrity","file-guard","workspace",{"commitSha":255},{"repoId":505},"kd72phsqkbk8w57ctvf7ac9nqs86n9t4",[216,501,500,217,502],{"evaluatedAt":508,"extractAt":509,"updatedAt":508},1778696065248,1778695753353,{"_creationTime":511,"_id":512,"community":513,"display":514,"identity":520,"providers":525,"relations":531,"tags":533,"workflow":534},1778691193352.5176,"k17fczm34j9645kq7jcp1b4hss86mz0t",{"reviewCount":8},{"description":515,"installMethods":516,"name":518,"sourceUrl":519},"Revisa el diff de la rama actual frente a develop en proyectos Drupal 11 siguiendo la metodología Codex (lógica de negocio, edge cases de hooks/queries, seguridad, performance, completitud). Genera un informe .md en la carpeta del IDE detectado (.antigravity/, .cursor/, .vscode/ o docs/) con hallazgos por severidad y soluciones accionables. Usar cuando el usuario pida \"Revisión diff develop\", \"revisión diff develop\", \"diff develop\", \"revisar diff\", \"codex diff\" o expresiones similares con intención de auditar cambios contra develop. 
Triggers: diff develop, codex diff, revisión diff, lint diff develop, auditar diff.",{"claudeCode":517},"j4rk0r/claude-skills","codex-diff-develop","https://github.com/j4rk0r/claude-skills",{"basePath":521,"githubOwner":522,"githubRepo":523,"locale":524,"slug":518,"type":249},"skills/codex-diff-develop","j4rk0r","claude-skills","es",{"evaluate":526,"extract":530},{"promptVersionExtension":205,"promptVersionScoring":206,"score":470,"tags":527,"targetMarket":219,"tier":220},[528,443,529,217,216,218],"drupal","diff",{"commitSha":255},{"repoId":532},"kd79shaph0e07035621cxd7x1n86m944",[216,443,218,529,528,217],{"evaluatedAt":535,"extractAt":536,"updatedAt":535},1778691216358,1778691193352,{"_creationTime":538,"_id":539,"community":540,"display":541,"identity":547,"providers":551,"relations":558,"tags":561,"workflow":562},1778696691708.3306,"k172evhhmbzzyp7g0t2caf4hfh86nsp9",{"reviewCount":8},{"description":542,"installMethods":543,"name":545,"sourceUrl":546},"First-run setup for ruvector@0.2.25 — installs ONNX/Brain/SONA add-ons, registers the MCP server, and verifies the install via 
`doctor`",{"claudeCode":544},"ruvnet/ruflo","vector-setup","https://github.com/ruvnet/ruflo",{"basePath":548,"githubOwner":549,"githubRepo":550,"locale":18,"slug":545,"type":249},"plugins/ruflo-ruvector/skills/vector-setup","ruvnet","ruflo",{"evaluate":552,"extract":557},{"promptVersionExtension":205,"promptVersionScoring":206,"score":470,"tags":553,"targetMarket":219,"tier":220},[554,555,556,213,212],"setup","installation","ruvector",{"commitSha":255},{"parentExtensionId":559,"repoId":560},"k17710fw96s8hs1y3j2cye3aa586n523","kd7ed28gj8n0y3msk5dzrp05zs86nqtc",[212,555,213,556,554],{"evaluatedAt":563,"extractAt":564,"updatedAt":563},1778701365160,1778696691708,{"_creationTime":566,"_id":567,"community":568,"display":569,"identity":575,"providers":579,"relations":586,"tags":589,"workflow":590},1778698175626.3276,"k17cj6pbcgtrw523a4sw8mhcxn86mzvv",{"reviewCount":8},{"description":570,"installMethods":571,"name":573,"sourceUrl":574},"Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns. 
Use when writing Semgrep rules or building custom static analysis detections.",{"claudeCode":572},"trailofbits/skills","Semgrep Rule Creator","https://github.com/trailofbits/skills",{"basePath":576,"githubOwner":577,"githubRepo":444,"locale":18,"slug":578,"type":249},"plugins/semgrep-rule-creator/skills/semgrep-rule-creator","trailofbits","semgrep-rule-creator",{"evaluate":580,"extract":585},{"promptVersionExtension":205,"promptVersionScoring":206,"score":470,"tags":581,"targetMarket":219,"tier":220},[582,217,583,584,218],"semgrep","static-analysis","code-quality",{"commitSha":255},{"parentExtensionId":587,"repoId":588},"k1757483sd0rdv04r5773w2tb986mb9g","kd7d5sbrd9m157hjv9c7v4wfyn86mk2f",[584,218,217,582,583],{"evaluatedAt":591,"extractAt":592,"updatedAt":591},1778699451460,1778698175626,{"_creationTime":594,"_id":595,"community":596,"display":597,"identity":601,"providers":603,"relations":613,"tags":614,"workflow":615},1778695753353.6304,"k17eaz2hwvgye5nwmwskxjjhq186nffr",{"reviewCount":8},{"description":598,"installMethods":599,"name":600,"sourceUrl":492},"Automated vulnerability scanner for agent platforms. Performs dependency scanning (npm audit, pip-audit), multi-database CVE lookup (OSV, NVD, GitHub Advisory), SAST analysis (Semgrep, Bandit), and agent-specific DAST hook execution testing for OpenClaw hooks.",{"claudeCode":490},"clawsec-scanner",{"basePath":602,"githubOwner":495,"githubRepo":496,"locale":18,"slug":600,"type":249},"skills/clawsec-scanner",{"evaluate":604,"extract":612},{"promptVersionExtension":205,"promptVersionScoring":206,"score":470,"tags":605,"targetMarket":219,"tier":220},[217,606,607,608,609,610,213,611],"vulnerability-scanning","dependency-analysis","sast","dast","agent-platform","pip",{"commitSha":255},{"repoId":505},[610,609,607,213,611,608,217,606],{"evaluatedAt":616,"extractAt":509,"updatedAt":616},1778695848342]