Dependency Auditor
技能 已验证 活跃Dependency Auditor
To help development teams maintain secure, legally compliant, and up-to-date software projects by providing deep visibility into their dependency ecosystem.
功能
- Vulnerability scanning and CVE matching
- License compliance and legal risk assessment
- Outdated dependency detection and analysis
- Upgrade path planning and breaking change risk assessment
- Multi-language support (JavaScript, Python, Go, Rust, Ruby, Java, PHP, C#)
- Detailed reporting in text and JSON formats
使用场景
- Automating security vulnerability checks in CI/CD pipelines
- Auditing project licenses for legal compliance before distribution
- Planning and prioritizing dependency upgrades to manage technical debt
- Identifying and mitigating risks associated with transitive dependencies
非目标
- Performing actual dependency installation or updates
- Replacing dedicated package managers or security platforms
- Providing legal advice on license interpretation beyond compatibility rules
工作流
- Identify project path or dependency inventory file
- Run `dep_scanner.py` for vulnerability analysis
- Run `license_checker.py` for license compliance
- Run `upgrade_planner.py` to generate upgrade plans
- Review reports and recommendations for action
实践
- Security scanning
- License auditing
- Upgrade management
- Dependency hygiene
安装
请先添加 Marketplace
/plugin marketplace add alirezarezvani/claude-skills/plugin install engineering@claude-code-skills质量评分
已验证类似扩展
Soul Guardian
100Drift detection + baseline integrity guard for agent workspace files with automatic alerting support
Audit Dependency Versions
100Audit project dependencies for version staleness, security vulnerabilities, and compatibility issues. Covers lock file analysis, upgrade path planning, and breaking change assessment. Use before a release to ensure dependencies are current and secure, during periodic maintenance reviews, after receiving a security advisory, when upgrading to a new language version, before submitting to CRAN or npm, or when inheriting a project to assess its dependency health.
Codex Diff Develop
100Revisa el diff de la rama actual frente a develop en proyectos Drupal 11 siguiendo la metodología Codex (lógica de negocio, edge cases de hooks/queries, seguridad, performance, completitud). Genera un informe .md en la carpeta del IDE detectado (.antigravity/, .cursor/, .vscode/ o docs/) con hallazgos por severidad y soluciones accionables. Usar cuando el usuario pida "Revisión diff develop", "revisión diff develop", "diff develop", "revisar diff", "codex diff" o expresiones similares con intención de auditar cambios contra develop. Triggers: diff develop, codex diff, revisión diff, lint diff develop, auditar diff.
Clawsec Scanner
100Automated vulnerability scanner for agent platforms. Performs dependency scanning (npm audit, pip-audit), multi-database CVE lookup (OSV, NVD, GitHub Advisory), SAST analysis (Semgrep, Bandit), and agent-specific DAST hook execution testing for OpenClaw hooks.
Investigate Capa Root Cause
100Investigate root causes and manage CAPAs (Corrective and Preventive Actions) for compliance deviations. Covers investigation method selection (5-Why, fishbone, fault tree), structured root cause analysis, corrective vs preventive action design, effectiveness verification, and trend analysis. Use when an audit finding requires a CAPA, when a deviation or incident occurs in a validated system, when a regulatory observation needs a formal response, when a data integrity anomaly requires investigation, or when recurring issues suggest a systemic root cause.
Toprank Weekly Review
100Run a weekly SEO review for one registered website, write audit artifacts, and choose the next best safe action.