Update Deps
技能 已验证 活跃Audit and update npm/Bun dependencies with supply chain integrity checks — verifies maintainers, publish age, tarball diffs, and provenance before bumping. Defers risky packages to ~/.supply-chain/notes/.
To ensure the integrity and security of project dependencies by performing thorough supply chain checks before updating packages, minimizing risks associated with outdated or compromised libraries.
功能
- Audits npm/Bun dependencies for supply chain integrity
- Verifies maintainers, publish age, tarball diffs, and provenance
- Safely bumps dependencies based on audit results
- Defers risky packages for manual review
- Logs all audit and update results locally
使用场景
- When updating project dependencies to the latest versions
- When a project's dependencies haven't been updated in a while
- Before merging a pull request that includes dependency updates
- To proactively identify and mitigate supply chain risks in project dependencies
非目标
- Automatically updating all dependencies without review
- Handling non-npm/Bun package managers
- Performing code-level security analysis of the project's own codebase
- Replacing a full CI/CD pipeline
安装
npx skills add backnotprop/plannotator通过 npx 运行 Vercel skills CLI(skills.sh)— 需要本地安装 Node.js,以及至少一个兼容 skills 的智能体(Claude Code、Cursor、Codex 等)。前提是仓库遵循 agentskills.io 格式。
质量评分
已验证类似扩展
Audit Dependency Versions
100Audit project dependencies for version staleness, security vulnerabilities, and compatibility issues. Covers lock file analysis, upgrade path planning, and breaking change assessment. Use before a release to ensure dependencies are current and secure, during periodic maintenance reviews, after receiving a security advisory, when upgrading to a new language version, before submitting to CRAN or npm, or when inheriting a project to assess its dependency health.
Soul Guardian
100Drift detection + baseline integrity guard for agent workspace files with automatic alerting support
Codex Diff Develop
100Revisa el diff de la rama actual frente a develop en proyectos Drupal 11 siguiendo la metodología Codex (lógica de negocio, edge cases de hooks/queries, seguridad, performance, completitud). Genera un informe .md en la carpeta del IDE detectado (.antigravity/, .cursor/, .vscode/ o docs/) con hallazgos por severidad y soluciones accionables. Usar cuando el usuario pida "Revisión diff develop", "revisión diff develop", "diff develop", "revisar diff", "codex diff" o expresiones similares con intención de auditar cambios contra develop. Triggers: diff develop, codex diff, revisión diff, lint diff develop, auditar diff.
Vector Setup
100First-run setup for ruvector@0.2.25 — installs ONNX/Brain/SONA add-ons, registers the MCP server, and verifies the install via `doctor`
Semgrep Rule Creator
100Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns. Use when writing Semgrep rules or building custom static analysis detections.
Clawsec Scanner
100Automated vulnerability scanner for agent platforms. Performs dependency scanning (npm audit, pip-audit), multi-database CVE lookup (OSV, NVD, GitHub Advisory), SAST analysis (Semgrep, Bandit), and agent-specific DAST hook execution testing for OpenClaw hooks.