[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"extension-skill-jwynia-dependency-scan-th":3,"guides-for-jwynia-dependency-scan":222,"similar-k17cr3mkj0ckymz10rb2a9rmf986667y":223},{"_creationTime":4,"_id":5,"children":6,"community":7,"display":9,"evaluation":23,"identity":188,"isFallback":193,"parentExtension":194,"providers":195,"relations":199,"repo":201,"workflow":219},1778053622473.6736,"k17cr3mkj0ckymz10rb2a9rmf986667y",[],{"reviewCount":8},0,{"description":10,"installMethods":11,"name":12,"sourceUrl":13,"tags":14},"Detect CVEs and security issues in project dependencies. Use when you need to analyze packages for known vulnerabilities across npm, pip, cargo, and other ecosystems.",{},"Dependency Scan","https://github.com/jwynia/agent-skills/tree/HEAD/skills/tech/security/dependency-scan",[15,16,17,18,19,20,21,22],"security","dependencies","cve","npm","pip","cargo","scanning","vulnerability",{"_creationTime":24,"_id":25,"extensionId":5,"locale":26,"result":27,"trustSignals":176,"workflow":186},1778054012697.066,"kn70ngn18yyzjc9sa2fr9xyd4s867kw6","en",{"checks":28,"evaluatedAt":166,"extensionSummary":167,"promptVersionExtension":168,"promptVersionScoring":169,"rationale":170,"score":171,"summary":172,"tags":173,"targetMarket":174,"tier":175},[29,34,37,40,44,47,51,55,58,61,65,70,73,77,80,83,86,89,92,95,99,103,107,111,115,118,121,124,128,131,134,137,140,143,147,150,153,156,159,163],{"category":30,"check":31,"severity":32,"summary":33},"Practical Utility","Problem relevance","pass","The description clearly states the problem of detecting CVEs and security issues in project dependencies and names the target ecosystems.",{"category":30,"check":35,"severity":32,"summary":36},"Unique selling proposition","The skill automates vulnerability detection across multiple package managers and offers optional auto-fixing, providing value beyond simple manual checks.",{"category":30,"check":38,"severity":32,"summary":39},"Production readiness","The skill covers the 
complete lifecycle of dependency vulnerability scanning, reporting, and optional fixing, making it production-ready.",{"category":41,"check":42,"severity":32,"summary":43},"Scope","Single responsibility principle","The skill focuses solely on dependency security scanning and does not extend into unrelated domains like full code review or deployment.",{"category":41,"check":45,"severity":32,"summary":46},"Description quality","The description accurately and concisely reflects the skill's capability to detect CVEs and security issues across various package managers.",{"category":48,"check":49,"severity":32,"summary":50},"Invocation","Scoped tools","Tools are well-scoped, e.g., `--npm`, `--pip`, `--fix`, which are specific actions or filters for the main task.",{"category":52,"check":53,"severity":32,"summary":54},"Documentation","Configuration & parameter reference","All parameters like `--npm`, `--severity`, `--fix`, `--dry-run`, and configuration options via `.dependency-scan-ignore` and `.dependency-scan.yaml` are clearly documented.",{"category":41,"check":56,"severity":32,"summary":57},"Tool naming","Tool names such as `--npm`, `--pip`, `--fix` are descriptive and align with the skill's domain.",{"category":41,"check":59,"severity":32,"summary":60},"Minimal I/O surface","Inputs like ecosystem flags and severity filters are specific, and outputs are structured reports (Summary View, Detailed View, Auto-Fix Report) that avoid internal details.",{"category":62,"check":63,"severity":32,"summary":64},"License","License usability","The license is MIT, clearly stated in the manifest and README, and is a permissive open-source license.",{"category":66,"check":67,"severity":68,"summary":69},"Maintenance","Commit recency","not_applicable","No commit data is available for evaluation.",{"category":66,"check":71,"severity":68,"summary":72},"Dependency Management","The skill itself does not appear to have third-party dependencies that require management within its own 
bundle.",{"category":74,"check":75,"severity":32,"summary":76},"Security","Secret Management","The skill focuses on scanning project dependencies and does not handle or expose secrets from the user's environment.",{"category":74,"check":78,"severity":32,"summary":79},"Injection","The skill scans project dependencies and does not appear to load or execute untrusted external data as instructions.",{"category":74,"check":81,"severity":32,"summary":82},"Transitive Supply-Chain Grenades","The skill scans project files and does not fetch remote code or data at runtime for execution.",{"category":74,"check":84,"severity":32,"summary":85},"Sandbox Isolation","The skill operates on project files and does not appear to modify or access files outside the project scope.",{"category":74,"check":87,"severity":32,"summary":88},"Sandbox escape primitives","No detached process spawns or deny-retry loops were found in the provided script examples.",{"category":74,"check":90,"severity":32,"summary":91},"Data Exfiltration","The skill's purpose is to scan local project files and does not involve sending user data to third-party services.",{"category":74,"check":93,"severity":32,"summary":94},"Hidden Text Tricks","The bundled content appears free of hidden-steering tricks, and descriptions use standard characters.",{"category":96,"check":97,"severity":32,"summary":98},"Hooks","Opaque code execution","The skill appears to use standard shell commands and does not employ obfuscated or minified code execution.",{"category":100,"check":101,"severity":32,"summary":102},"Portability","Structural Assumption","The skill correctly assumes standard project structures for various package managers and does not rely on custom user paths.",{"category":104,"check":105,"severity":68,"summary":106},"Trust","Issues Attention","No issue data is available for evaluation.",{"category":108,"check":109,"severity":32,"summary":110},"Versioning","Release Management","The manifest declares a version ('1.0') and 
the skill is part of a larger collection with versioning indicated.",{"category":112,"check":113,"severity":32,"summary":114},"Code Execution","Validation","The skill accepts structured inputs via flags and clearly defined modes, with documented output formats, implying validation.",{"category":74,"check":116,"severity":32,"summary":117},"Unguarded Destructive Operations","The `--fix` mode is explicitly flagged as optional and includes a `--dry-run` option, providing a guard against destructive operations.",{"category":112,"check":119,"severity":32,"summary":120},"Error Handling","The documentation outlines various scan modes, severity filters, and auto-fix behaviors, implying robust error handling for different scenarios.",{"category":112,"check":122,"severity":68,"summary":123},"Logging","The skill's primary function is analysis and reporting, not destructive actions or outbound calls that would necessitate local audit logging.",{"category":125,"check":126,"severity":32,"summary":127},"Compliance","GDPR","The skill operates on project dependency files and does not handle personal data.",{"category":125,"check":129,"severity":32,"summary":130},"Target market","The skill is general purpose for software development and has no regional or jurisdictional limitations; targetMarket is global.",{"category":100,"check":132,"severity":32,"summary":133},"Runtime stability","The skill relies on standard package managers and tools, and its documentation lists supported ecosystems, indicating broad portability.",{"category":48,"check":135,"severity":32,"summary":136},"Precise Purpose","The description clearly states the purpose (detect CVEs and security issues in project dependencies) and the context for use (analyzing packages for known vulnerabilities across npm, pip, cargo, and other ecosystems).",{"category":48,"check":138,"severity":32,"summary":139},"Concise Frontmatter","The frontmatter is concise and effectively summarizes the skill's core capability and trigger 
phrases.",{"category":52,"check":141,"severity":32,"summary":142},"Concise Body","The SKILL.md body is well-structured and avoids excessive length, delegating detailed information to other sections.",{"category":144,"check":145,"severity":32,"summary":146},"Context","Progressive Disclosure","Detailed information such as vulnerability databases, CVSS scoring, commands used, and auto-fix behavior is presented clearly within the SKILL.md, without embedding excessively large blobs.",{"category":144,"check":148,"severity":68,"summary":149},"Forked exploration","The skill is a focused task and does not involve deep exploration that would necessitate forked context.",{"category":30,"check":151,"severity":32,"summary":152},"Usage examples","Sufficient end-to-end examples are provided for quick start, scan modes, and auto-fix, clearly demonstrating input and expected output.",{"category":30,"check":154,"severity":32,"summary":155},"Edge cases","The skill handles various edge cases like specific ecosystems, severity filters, auto-fixing with dry-run, and configuration through ignore files.",{"category":112,"check":157,"severity":68,"summary":158},"Tool Fallback","The skill appears to use standard system commands for package managers and does not rely on an optional external MCP server with a fallback.",{"category":160,"check":161,"severity":32,"summary":162},"Safety","Halt on unexpected state","The `--fix` option with `--dry-run` and the configuration for ignoring issues suggest a controlled approach to unexpected states.",{"category":100,"check":164,"severity":32,"summary":165},"Cross-skill coupling","The skill is self-contained and its related skills are clearly listed as separate entities, avoiding implicit coupling.",1778054004911,"This skill scans project dependencies using various package managers and vulnerability databases to report CVEs. It offers functionality for specific ecosystem scans, severity filtering, and an optional auto-fix mode with dry-run capabilities. 
Additionally, it provides dependency health checks beyond CVEs, including outdated, deprecated, and unmaintained packages.","2.0.0","3.4.0","The skill is exceptionally well-documented, production-ready, and adheres to best practices for scope, security, and portability. It provides clear examples, handles edge cases, and has a well-defined purpose. Several checks were marked not applicable, including commit recency and issue tracking, for which no data was available.",98,"A comprehensive and well-documented skill for detecting and fixing vulnerabilities in project dependencies across multiple ecosystems.",[15,16,17,18,19,20,21,22],"global","verified",{"codeQuality":177,"collectedAt":178,"documentation":179,"maintenance":181,"security":182,"testCoverage":185},{},1778053993512,{"descriptionLength":180,"readmeSize":8},166,{},{"hasNpmPackage":183,"license":184,"smitheryVerified":183},false,"MIT",{"hasCi":183,"hasTests":183},{"updatedAt":187},1778054012696,{"githubOwner":189,"githubRepo":190,"locale":26,"slug":191,"type":192},"jwynia","agent-skills","dependency-scan","skill",true,null,{"extract":196,"llm":198},{"commitSha":197,"license":184},"e02ec7e226a6e4f8419fd3b88a1d8e472d421b32",{"promptVersionExtension":168,"promptVersionScoring":169,"score":171,"targetMarket":174,"tier":175},{"repoId":200},"kd7efn3mprpa8rd8vm5hw5ebzx864fph",{"_creationTime":202,"_id":200,"identity":203,"providers":205,"workflow":216},1777995558409.897,{"githubOwner":189,"githubRepo":190,"sourceUrl":204},"https://github.com/jwynia/agent-skills",{"discover":206,"github":209},{"sources":207},[208],"skills-sh",{"closedIssues90d":8,"forks":210,"openIssues90d":211,"pushedAt":212,"readmeSize":213,"stars":214,"topics":215},10,2,1771900514000,11924,70,[],{"discoverAt":217,"extractAt":218,"githubAt":218,"updatedAt":218},1777995558409,1778053628601,{"anyEnrichmentAt":220,"extractAt":221,"githubAt":220,"llmAt":187,"updatedAt":187},1778053625386,1778053622473,[],[224,251,282,302,324,347],{"_creationTime":225,
"_id":226,"community":227,"display":228,"identity":236,"providers":240,"relations":245,"workflow":247},1778054663200.0667,"k175dcgccsg615bjz3hn7knw018674pp",{"reviewCount":8},{"description":229,"installMethods":230,"name":231,"sourceUrl":232,"tags":233},"Audit npm dependencies for security vulnerabilities, outdated packages, and unused dependencies. Use when checking for security issues, updating packages, or cleaning up dependencies.",{},"Dependency Auditor","https://github.com/onewave-ai/claude-skills/tree/HEAD/dependency-auditor",[18,16,15,234,235],"auditing","development",{"githubOwner":237,"githubRepo":238,"locale":26,"slug":239,"type":192},"onewave-ai","claude-skills","dependency-auditor",{"extract":241,"llm":243},{"commitSha":242,"license":184},"eb3d80be32b6cafcf0d5df1c1b8a95df75838271",{"promptVersionExtension":168,"promptVersionScoring":169,"score":244,"targetMarket":174,"tier":175},95,{"repoId":246},"kd71e43dj0b7ak5e55pyshxp4n864t6p",{"anyEnrichmentAt":248,"extractAt":249,"githubAt":248,"llmAt":250,"updatedAt":250},1778054667983,1778054663200,1778055270278,{"_creationTime":252,"_id":253,"community":254,"display":255,"identity":268,"providers":271,"relations":276,"workflow":278},1778054070894.8628,"k17antgkdftwdz7cf6tkh5kq65867wht",{"reviewCount":8},{"description":256,"installMethods":257,"name":258,"sourceUrl":259,"tags":260},"Autonomous AI pentester for web apps and APIs. Run white-box security assessments with Shannon — analyzes source code, identifies attack vectors, and executes real exploits to prove vulnerabilities. 
Triggered by 'shannon', 'pentest', 'security audit', 'vuln scan'.",{},"Shannon Skill","https://github.com/unicodeveloper/shannon",[15,261,262,263,264,265,266,267],"pentesting","automation","api","web","exploit","owasp","docker",{"githubOwner":269,"githubRepo":270,"locale":26,"slug":270,"type":192},"unicodeveloper","shannon",{"extract":272,"llm":275},{"commitSha":273,"license":274},"6a97124bee816c7cc76c6e17bb2b0fe8c0eae032","AGPL-3.0",{"promptVersionExtension":168,"promptVersionScoring":169,"score":171,"targetMarket":174,"tier":175},{"repoId":277},"kd7dk33pc652m4w5wrxaga9qn5865x26",{"anyEnrichmentAt":279,"extractAt":280,"githubAt":279,"llmAt":281,"updatedAt":281},1778054071281,1778054070894,1778054087802,{"_creationTime":283,"_id":284,"community":285,"display":286,"identity":295,"providers":297,"relations":300,"workflow":301},1778053622473.674,"k17dd4qv51q8jrhw8tccjdhr3s867v72",{"reviewCount":8},{"description":287,"installMethods":288,"name":289,"sourceUrl":290,"tags":291},"Detect API keys, passwords, tokens, and other secrets in code. 
Use when you need to find hardcoded credentials and sensitive data in source code.",{},"Secrets Scan","https://github.com/jwynia/agent-skills/tree/HEAD/skills/tech/security/secrets-scan",[15,292,293,294],"secrets","code-analysis","developer-tools",{"githubOwner":189,"githubRepo":190,"locale":26,"slug":296,"type":192},"secrets-scan",{"extract":298,"llm":299},{"commitSha":197,"license":184},{"promptVersionExtension":168,"promptVersionScoring":169,"score":171,"targetMarket":174,"tier":175},{"repoId":200},{"anyEnrichmentAt":220,"extractAt":221,"githubAt":220,"llmAt":187,"updatedAt":187},{"_creationTime":303,"_id":304,"community":305,"display":306,"identity":317,"providers":319,"relations":322,"workflow":323},1778053622473.6658,"k17bbjjk7fn3ngqhcnvx7d97y9867yk9",{"reviewCount":8},{"description":307,"installMethods":308,"name":309,"sourceUrl":310,"tags":311},"Build and publish npx-executable CLI tools using Bun as the primary toolchain with npm-compatible output. Use when the user wants to create a new CLI tool, set up a command-line package for npx execution, configure argument parsing and terminal output, or publish a CLI to npm. Covers scaffolding, citty arg parsing, sub-commands, terminal UX, strict TypeScript, Biome + ESLint linting, Vitest testing, Bunup bundling, and publishing workflows. 
Keywords: npx, cli, command-line, binary, bin, tool, bun, citty, commander, terminal, publish, typescript, biome, vitest.",{},"npx CLI Tool Development (Bun-First)","https://github.com/jwynia/agent-skills/tree/HEAD/skills/tech/development/tooling/npx-cli",[312,313,314,18,315,316,235],"cli","bun","typescript","scaffolding","tooling",{"githubOwner":189,"githubRepo":190,"locale":26,"slug":318,"type":192},"npx-cli",{"extract":320,"llm":321},{"commitSha":197,"license":184},{"promptVersionExtension":168,"promptVersionScoring":169,"score":171,"targetMarket":174,"tier":175},{"repoId":200},{"anyEnrichmentAt":220,"extractAt":221,"githubAt":220,"llmAt":187,"updatedAt":187},{"_creationTime":325,"_id":326,"community":327,"display":328,"identity":339,"providers":341,"relations":345,"workflow":346},1778054663200.069,"k173s355bcc3mq3jt415tn0a5d866ep3",{"reviewCount":8},{"description":329,"installMethods":330,"name":331,"sourceUrl":332,"tags":333},"Set up environment variables, .env files, and configuration management. Use when configuring environment variables, creating .env files, or managing app configuration.",{},"Environment Setup Wizard","https://github.com/onewave-ai/claude-skills/tree/HEAD/env-setup-wizard",[334,335,336,314,337,338,15],"configuration","environment-variables","env-files","zod","next-js",{"githubOwner":237,"githubRepo":238,"locale":26,"slug":340,"type":192},"env-setup-wizard",{"extract":342,"llm":343},{"commitSha":242,"license":184},{"promptVersionExtension":168,"promptVersionScoring":169,"score":344,"targetMarket":174,"tier":175},96,{"repoId":246},{"anyEnrichmentAt":248,"extractAt":249,"githubAt":248,"llmAt":250,"updatedAt":250},{"_creationTime":348,"_id":349,"community":350,"display":351,"identity":360,"providers":364,"relations":368,"workflow":370},1778054181056.284,"k17ed4at6by4838fqmpzsna8jn86740e",{"reviewCount":8},{"description":352,"installMethods":353,"name":354,"sourceUrl":355,"tags":356},"Sign in to the wallet. 
Use when you or the user want to log in, sign in, connect, or set up the wallet, or when any wallet operation fails with authentication or \"not signed in\" errors. This skill is a prerequisite before sending, trading, or funding.",{},"Agentic Wallet Authentication","https://github.com/coinbase/agentic-wallet-skills/tree/HEAD/skills/authenticate-wallet",[357,358,15,312,359],"wallet","authentication","nodejs",{"githubOwner":361,"githubRepo":362,"locale":26,"slug":363,"type":192},"coinbase","agentic-wallet-skills","authenticate-wallet",{"extract":365,"llm":367},{"commitSha":366,"license":184},"5cb01b587c407cba5c04ab2936dd7790b8a914aa",{"promptVersionExtension":168,"promptVersionScoring":169,"score":344,"targetMarket":174,"tier":175},{"repoId":369},"kd78mkx7eqwz3zppdqe8ndpg0n865b38",{"anyEnrichmentAt":371,"extractAt":372,"githubAt":371,"llmAt":373,"updatedAt":373},1778054181408,1778054181056,1778054210101]