[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"extension-skill-onewave-ai-dependency-auditor-pt-BR":3,"guides-for-onewave-ai-dependency-auditor":221,"similar-k175dcgccsg615bjz3hn7knw018674pp":222},{"_creationTime":4,"_id":5,"children":6,"community":7,"display":9,"evaluation":20,"identity":186,"isFallback":191,"parentExtension":192,"providers":193,"relations":198,"repo":200,"workflow":218},1778054663200.0667,"k175dcgccsg615bjz3hn7knw018674pp",[],{"reviewCount":8},0,{"description":10,"installMethods":11,"name":12,"sourceUrl":13,"tags":14},"Audit npm dependencies for security vulnerabilities, outdated packages, and unused dependencies. Use when checking for security issues, updating packages, or cleaning up dependencies.",{},"Dependency Auditor","https://github.com/onewave-ai/claude-skills/tree/HEAD/dependency-auditor",[15,16,17,18,19],"npm","dependencies","security","auditing","development",{"_creationTime":21,"_id":22,"extensionId":5,"locale":23,"result":24,"trustSignals":175,"workflow":184},1778055270278.097,"kn7bv75ce17twzq5xmpa6dbmed866jre","en",{"checks":25,"evaluatedAt":165,"extensionSummary":166,"promptVersionExtension":167,"promptVersionScoring":168,"rationale":169,"score":170,"summary":171,"tags":172,"targetMarket":173,"tier":174},[26,31,34,37,41,44,48,53,56,59,63,68,71,75,78,81,84,87,90,93,97,101,105,109,114,117,120,123,127,130,133,136,139,142,146,149,152,155,158,162],{"category":27,"check":28,"severity":29,"summary":30},"Practical Utility","Problem relevance","pass","The description clearly states the user problem: auditing npm dependencies for security, outdatedness, and unused packages.",{"category":27,"check":32,"severity":29,"summary":33},"Unique selling proposition","The skill provides a structured approach and specific commands for auditing npm dependencies, offering value beyond generic LLM advice.",{"category":27,"check":35,"severity":29,"summary":36},"Production readiness","The skill covers the complete lifecycle of dependency auditing, from identifying issues to providing update strategies and lock file best practices.",{"category":38,"check":39,"severity":29,"summary":40},"Scope","Single responsibility principle","The extension focuses solely on auditing npm dependencies and related best practices, without extending into unrelated domains.",{"category":38,"check":42,"severity":29,"summary":43},"Description quality","The description accurately and concisely reflects the skill's capabilities and intended use case.",{"category":45,"check":46,"severity":29,"summary":47},"Invocation","Scoped tools","The skill uses specific, well-defined commands for each auditing task (e.g., `npm audit`, `npm outdated`), rather than a single generalist tool.",{"category":49,"check":50,"severity":51,"summary":52},"Documentation","Configuration & parameter reference","info","While the commands are clear, the skill does not explicitly document default parameters or precedence order for any configuration files it might implicitly use.",{"category":38,"check":54,"severity":29,"summary":55},"Tool naming","All commands used within the skill (e.g., `npm audit`, `npx npm-check-updates`) are descriptive and standard for the domain.",{"category":38,"check":57,"severity":29,"summary":58},"Minimal I/O surface","The commands used focus on the specific task of dependency auditing and do not appear to return extraneous diagnostic information.",{"category":60,"check":61,"severity":29,"summary":62},"License","License usability","The extension is licensed under the MIT license, a permissive open-source license, clearly indicated in a LICENSE file.",{"category":64,"check":65,"severity":66,"summary":67},"Maintenance","Commit recency","not_applicable","No commit history is available for this specific skill file.",{"category":64,"check":69,"severity":66,"summary":70},"Dependency Management","The skill itself does not introduce third-party dependencies; it relies on external npm commands which are managed by the user's environment.",{"category":72,"check":73,"severity":66,"summary":74},"Security","Secret Management","The skill does not handle or expose any secrets.",{"category":72,"check":76,"severity":29,"summary":77},"Injection","The skill utilizes standard npm commands and does not appear to load or execute untrusted third-party data as instructions.",{"category":72,"check":79,"severity":29,"summary":80},"Transitive Supply-Chain Grenades","The skill relies on existing, installed npm commands and does not fetch external scripts or data at runtime.",{"category":72,"check":82,"severity":29,"summary":83},"Sandbox Isolation","The skill executes standard npm commands within the user's environment and does not appear to modify files outside of the project's scope.",{"category":72,"check":85,"severity":29,"summary":86},"Sandbox escape primitives","No detached-process spawns or deny-retry loops are present in the script commands.",{"category":72,"check":88,"severity":29,"summary":89},"Data Exfiltration","The commands used are for local analysis and do not involve outbound calls to third parties with sensitive data.",{"category":72,"check":91,"severity":29,"summary":92},"Hidden Text Tricks","The bundled file does not contain any hidden-steering tricks, invisible characters, or obfuscation.",{"category":94,"check":95,"severity":29,"summary":96},"Hooks","Opaque code execution","The skill uses standard, readable bash commands and does not employ obfuscation techniques like base64 payloads or runtime script fetching.",{"category":98,"check":99,"severity":29,"summary":100},"Portability","Structural Assumption","The skill assumes standard npm/pnpm/yarn environments and does not make assumptions about specific user project directory structures beyond needing a `package.json` context.",{"category":102,"check":103,"severity":66,"summary":104},"Trust","Issues Attention","No issue tracking data is available for this specific skill file.",{"category":106,"check":107,"severity":51,"summary":108},"Versioning","Release Management","The SKILL.md frontmatter is missing a version field, and there are no GitHub release tags or CHANGELOG.md for this specific skill, meaning versioning is not explicitly managed.",{"category":110,"check":111,"severity":112,"summary":113},"Code Execution","Validation","warning","While the commands themselves perform validation, the skill does not explicitly detail parameter validation or sanitization beyond what the underlying npm commands provide.",{"category":72,"check":115,"severity":66,"summary":116},"Unguarded Destructive Operations","The skill is purely analytical and does not perform any destructive operations.",{"category":110,"check":118,"severity":29,"summary":119},"Error Handling","The skill provides clear instructions on how to handle errors for various package managers (npm, pnpm, yarn) and suggests commands for fixing issues.",{"category":110,"check":121,"severity":66,"summary":122},"Logging","This skill is read-only in its analysis and does not perform actions that require local audit logging.",{"category":124,"check":125,"severity":66,"summary":126},"Compliance","GDPR","The skill operates on project dependencies and does not handle personal data.",{"category":124,"check":128,"severity":29,"summary":129},"Target market","The skill is globally applicable and does not contain any region-specific logic or data.",{"category":98,"check":131,"severity":29,"summary":132},"Runtime stability","The skill uses standard commands compatible with common package managers (npm, pnpm, yarn) and provides clear instructions.",{"category":45,"check":134,"severity":29,"summary":135},"Precise Purpose","The description clearly states the artifact (npm dependencies) and the tasks (security audit, outdated, unused, bundle size), and implies when to use it for these purposes.",{"category":45,"check":137,"severity":29,"summary":138},"Concise Frontmatter","The frontmatter is concise and effectively summarizes the skill's core capability and triggers.",{"category":49,"check":140,"severity":29,"summary":141},"Concise Body","The skill body is well-structured, uses clear markdown formatting, and delegates detailed procedures to commands rather than excessive prose.",{"category":143,"check":144,"severity":29,"summary":145},"Context","Progressive Disclosure","The SKILL.md outlines the main steps and provides specific commands, adhering to progressive disclosure principles.",{"category":143,"check":147,"severity":66,"summary":148},"Forked exploration","This skill is focused on providing commands for analysis and does not involve deep exploration requiring a forked context.",{"category":27,"check":150,"severity":29,"summary":151},"Usage examples","The skill provides clear, runnable examples for each of its core functionalities (security audit, outdated packages, unused dependencies, bundle size).",{"category":27,"check":153,"severity":29,"summary":154},"Edge cases","The skill addresses common edge cases, such as false positives with `depcheck`, and suggests recovery steps like `npm audit fix`.",{"category":110,"check":156,"severity":66,"summary":157},"Tool Fallback","This skill does not rely on any external tools that would require a fallback mechanism; it uses standard npm/pnpm/yarn commands.",{"category":159,"check":160,"severity":29,"summary":161},"Safety","Halt on unexpected state","The skill's instructions implicitly promote halting on unexpected states by providing commands to fix issues and recommendations for lock file regeneration.",{"category":98,"check":163,"severity":29,"summary":164},"Cross-skill coupling","The skill is self-contained and does not rely on other skills being loaded in the same session.",1778054816338,"This skill provides a comprehensive guide and specific commands for auditing npm dependencies. It covers security vulnerabilities, outdated packages, unused dependencies, and bundle size analysis, offering strategies for updates and best practices for lock files.","2.0.0","3.4.0","This skill is well-structured, highly practical, and covers its intended domain comprehensively. It provides clear instructions, useful commands, and addresses common edge cases, making it a production-ready tool for dependency auditing.",95,"This is a high-quality, production-ready skill for auditing npm dependencies.",[15,16,17,18,19],"global","verified",{"codeQuality":176,"collectedAt":177,"documentation":178,"maintenance":180,"security":181,"testCoverage":183},{},1778054804768,{"descriptionLength":179,"readmeSize":8},183,{},{"hasNpmPackage":182,"smitheryVerified":182},false,{"hasCi":182,"hasTests":182},{"updatedAt":185},1778055270278,{"githubOwner":187,"githubRepo":188,"locale":23,"slug":189,"type":190},"onewave-ai","claude-skills","dependency-auditor","skill",true,null,{"extract":194,"llm":197},{"commitSha":195,"license":196},"eb3d80be32b6cafcf0d5df1c1b8a95df75838271","MIT",{"promptVersionExtension":167,"promptVersionScoring":168,"score":170,"targetMarket":173,"tier":174},{"repoId":199},"kd71e43dj0b7ak5e55pyshxp4n864t6p",{"_creationTime":201,"_id":199,"identity":202,"providers":204,"workflow":215},1777995558409.8716,{"githubOwner":187,"githubRepo":188,"sourceUrl":203},"https://github.com/onewave-ai/claude-skills",{"discover":205,"github":208},{"sources":206},[207],"skills-sh",{"closedIssues90d":8,"forks":209,"license":196,"openIssues90d":210,"pushedAt":211,"readmeSize":212,"stars":213,"topics":214},15,1,1775817251000,11706,113,[],{"discoverAt":216,"extractAt":217,"githubAt":217,"updatedAt":217},1777995558409,1778054678433,{"anyEnrichmentAt":219,"extractAt":220,"githubAt":219,"llmAt":185,"updatedAt":185},1778054667983,1778054663200,[],[223,253,275,302,333,353],{"_creationTime":224,"_id":225,"community":226,"display":227,"identity":238,"providers":242,"relations":247,"workflow":249},1778053622473.6736,"k17cr3mkj0ckymz10rb2a9rmf986667y",{"reviewCount":8},{"description":228,"installMethods":229,"name":230,"sourceUrl":231,"tags":232},"Detect CVEs and security issues in project dependencies. Use when you need to analyze packages for known vulnerabilities across npm, pip, cargo, and other ecosystems.",{},"Dependency Scan","https://github.com/jwynia/agent-skills/tree/HEAD/skills/tech/security/dependency-scan",[17,16,233,15,234,235,236,237],"cve","pip","cargo","scanning","vulnerability",{"githubOwner":239,"githubRepo":240,"locale":23,"slug":241,"type":190},"jwynia","agent-skills","dependency-scan",{"extract":243,"llm":245},{"commitSha":244,"license":196},"e02ec7e226a6e4f8419fd3b88a1d8e472d421b32",{"promptVersionExtension":167,"promptVersionScoring":168,"score":246,"targetMarket":173,"tier":174},98,{"repoId":248},"kd7efn3mprpa8rd8vm5hw5ebzx864fph",{"anyEnrichmentAt":250,"extractAt":251,"githubAt":250,"llmAt":252,"updatedAt":252},1778053625386,1778053622473,1778054012696,{"_creationTime":254,"_id":255,"community":256,"display":257,"identity":268,"providers":270,"relations":273,"workflow":274},1778053622473.6658,"k17bbjjk7fn3ngqhcnvx7d97y9867yk9",{"reviewCount":8},{"description":258,"installMethods":259,"name":260,"sourceUrl":261,"tags":262},"Build and publish npx-executable CLI tools using Bun as the primary toolchain with npm-compatible output. Use when the user wants to create a new CLI tool, set up a command-line package for npx execution, configure argument parsing and terminal output, or publish a CLI to npm. Covers scaffolding, citty arg parsing, sub-commands, terminal UX, strict TypeScript, Biome + ESLint linting, Vitest testing, Bunup bundling, and publishing workflows. Keywords: npx, cli, command-line, binary, bin, tool, bun, citty, commander, terminal, publish, typescript, biome, vitest.",{},"npx CLI Tool Development (Bun-First)","https://github.com/jwynia/agent-skills/tree/HEAD/skills/tech/development/tooling/npx-cli",[263,264,265,15,266,267,19],"cli","bun","typescript","scaffolding","tooling",{"githubOwner":239,"githubRepo":240,"locale":23,"slug":269,"type":190},"npx-cli",{"extract":271,"llm":272},{"commitSha":244,"license":196},{"promptVersionExtension":167,"promptVersionScoring":168,"score":246,"targetMarket":173,"tier":174},{"repoId":248},{"anyEnrichmentAt":250,"extractAt":251,"githubAt":250,"llmAt":252,"updatedAt":252},{"_creationTime":276,"_id":277,"community":278,"display":279,"identity":288,"providers":292,"relations":296,"workflow":298},1778054741404.8755,"k17f34v6c7vmvgxab7k2xy2xrh8666t8",{"reviewCount":8},{"description":280,"installMethods":281,"name":282,"sourceUrl":283,"tags":284},"Expert code review of current git changes with a senior engineer lens. Detects SOLID violations, security risks, and proposes actionable improvements.",{},"Code Review Expert","https://github.com/sanyuan0704/sanyuan-skills/tree/HEAD/skills/code-review-expert",[285,286,17,19,287],"code-review","git","quality-assurance",{"githubOwner":289,"githubRepo":290,"locale":23,"slug":291,"type":190},"sanyuan0704","sanyuan-skills","code-review-expert",{"extract":293,"llm":295},{"commitSha":294,"license":196},"807460aaa6e23313d9e16c397d100130691083a5",{"promptVersionExtension":167,"promptVersionScoring":168,"score":170,"targetMarket":173,"tier":174},{"repoId":297},"kd7ehbmfr6fxv4k4d6h65hev89864gmz",{"anyEnrichmentAt":299,"extractAt":300,"githubAt":299,"llmAt":301,"updatedAt":301},1778054741686,1778054741404,1778054758790,{"_creationTime":303,"_id":304,"community":305,"display":306,"identity":319,"providers":322,"relations":327,"workflow":329},1778054070894.8628,"k17antgkdftwdz7cf6tkh5kq65867wht",{"reviewCount":8},{"description":307,"installMethods":308,"name":309,"sourceUrl":310,"tags":311},"Autonomous AI pentester for web apps and APIs. Run white-box security assessments with Shannon — analyzes source code, identifies attack vectors, and executes real exploits to prove vulnerabilities. Triggered by 'shannon', 'pentest', 'security audit', 'vuln scan'.",{},"Shannon Skill","https://github.com/unicodeveloper/shannon",[17,312,313,314,315,316,317,318],"pentesting","automation","api","web","exploit","owasp","docker",{"githubOwner":320,"githubRepo":321,"locale":23,"slug":321,"type":190},"unicodeveloper","shannon",{"extract":323,"llm":326},{"commitSha":324,"license":325},"6a97124bee816c7cc76c6e17bb2b0fe8c0eae032","AGPL-3.0",{"promptVersionExtension":167,"promptVersionScoring":168,"score":246,"targetMarket":173,"tier":174},{"repoId":328},"kd7dk33pc652m4w5wrxaga9qn5865x26",{"anyEnrichmentAt":330,"extractAt":331,"githubAt":330,"llmAt":332,"updatedAt":332},1778054071281,1778054070894,1778054087802,{"_creationTime":334,"_id":335,"community":336,"display":337,"identity":346,"providers":348,"relations":351,"workflow":352},1778053622473.674,"k17dd4qv51q8jrhw8tccjdhr3s867v72",{"reviewCount":8},{"description":338,"installMethods":339,"name":340,"sourceUrl":341,"tags":342},"Detect API keys, passwords, tokens, and other secrets in code. Use when you need to find hardcoded credentials and sensitive data in source code.",{},"Secrets Scan","https://github.com/jwynia/agent-skills/tree/HEAD/skills/tech/security/secrets-scan",[17,343,344,345],"secrets","code-analysis","developer-tools",{"githubOwner":239,"githubRepo":240,"locale":23,"slug":347,"type":190},"secrets-scan",{"extract":349,"llm":350},{"commitSha":244,"license":196},{"promptVersionExtension":167,"promptVersionScoring":168,"score":246,"targetMarket":173,"tier":174},{"repoId":248},{"anyEnrichmentAt":250,"extractAt":251,"githubAt":250,"llmAt":252,"updatedAt":252},{"_creationTime":354,"_id":355,"community":356,"display":357,"identity":366,"providers":370,"relations":374,"workflow":376},1778054123074.255,"k178ssrewdzfvgmak4tyb3y3kd866s7b",{"reviewCount":8},{"description":358,"installMethods":359,"name":360,"sourceUrl":361,"tags":362},"Design or audit internal link structure for a website. Use when the user asks about internal linking, link architecture, orphan pages, PageRank flow, anchor text, site structure, silo architecture, or why pages aren't ranking despite good content. For external link building, see build-links.",{},"Fix Linking","https://github.com/calm-north/seojuice-skills/tree/HEAD/skills/fix-linking",[363,364,365,18],"seo","linking","website-structure",{"githubOwner":367,"githubRepo":368,"locale":23,"slug":369,"type":190},"calm-north","seojuice-skills","fix-linking",{"extract":371,"llm":373},{"commitSha":372,"license":196},"c1f633bea512365ba04477076369e418ecc82ffd",{"promptVersionExtension":167,"promptVersionScoring":168,"score":246,"targetMarket":173,"tier":174},{"repoId":375},"kd77p09fwtcsr2sfmxw6921ek1864v0a",{"anyEnrichmentAt":377,"extractAt":378,"githubAt":377,"llmAt":379,"updatedAt":379},1778054123513,1778054123074,1778054162250]