From security
Scans project dependencies for CVEs and vulnerabilities across npm, pip, .NET, and Rust ecosystems using npm audit, pip-audit, dotnet list, and cargo audit. Generates reports with severity tables, CVE details, and remediation plans.
Slash command
/security:check-deps
Analyze project dependencies for known vulnerabilities and security issues.
/security:check-deps # Auto-detect and check all ecosystems
/security:check-deps --npm # Check npm dependencies only
/security:check-deps --pip # Check Python dependencies only
/security:check-deps --dotnet # Check .NET dependencies only
/security:check-deps --cargo # Check Rust dependencies only
/security:check-deps --all # Explicitly check all ecosystems
Delegate to the dependency-checker agent with the following prompt:
If no arguments or --all:
"Analyze this project's dependencies for known vulnerabilities. Auto-detect the package ecosystem(s) in use (npm, pip, .NET, Rust, etc.) and run appropriate security audits. Generate a dependency security report with CVE details, CVSS scores, fix availability, and prioritized remediation recommendations."
If --npm argument:
"Analyze npm/Node.js dependencies for known vulnerabilities using npm audit. Generate a dependency security report with CVE details, CVSS scores, fix availability, and prioritized remediation recommendations including upgrade paths and override options."
If --pip argument:
"Analyze Python dependencies for known vulnerabilities using pip-audit. Generate a dependency security report with CVE details, CVSS scores, fix availability, and prioritized remediation recommendations."
If --dotnet argument:
"Analyze .NET dependencies for known vulnerabilities using dotnet list package --vulnerable. Generate a dependency security report with CVE details, CVSS scores, fix availability, and prioritized remediation recommendations."
If --cargo argument:
"Analyze Rust dependencies for known vulnerabilities using cargo audit. Generate a dependency security report with CVE details, CVSS scores, fix availability, and prioritized remediation recommendations."
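The auto-detect step and the per-ecosystem commands named in the prompts above, as an added example that is not the plugin's own code. The manifest file names, the function names, and the `--json`, `-r requirements.txt` and `--include-transitive` options are assumptions not stated on this page.

```bash
# Added example, not the plugin's code. Manifest names are assumptions.

# Print one ecosystem per line for the manifests present in directory $1.
detect_ecosystems() {
  det_dir=${1:-.}
  if [ -f "$det_dir/package.json" ]; then echo npm; fi
  if [ -f "$det_dir/requirements.txt" ]; then echo pip; fi
  for det_f in "$det_dir"/*.sln "$det_dir"/*.csproj "$det_dir"/*.fsproj; do
    if [ -e "$det_f" ]; then echo dotnet; break; fi
  done
  if [ -f "$det_dir/Cargo.lock" ] || [ -f "$det_dir/Cargo.toml" ]; then echo cargo; fi
  return 0
}

# Print the audit command for ecosystem $1 (tools as named on the page).
audit_command() {
  case "$1" in
    npm)    echo "npm audit --json" ;;
    pip)    echo "pip-audit -r requirements.txt" ;;
    dotnet) echo "dotnet list package --vulnerable --include-transitive" ;;
    cargo)  echo "cargo audit" ;;
    *)      return 1 ;;
  esac
}

# Print "ecosystem<TAB>command" for the audits selected by flag $2.
# Returns 2 on an unknown flag and 3 when nothing matched, so an empty
# scan is never mistaken for a clean one.
plan_audits() {
  plan_dir=${1:-.}
  plan_flag=${2:---all}
  case "$plan_flag" in
    --all) plan_want="" ;;
    --npm|--pip|--dotnet|--cargo) plan_want=${plan_flag#--} ;;
    *) echo "unknown option: $plan_flag" >&2; return 2 ;;
  esac
  plan_count=0
  for plan_eco in $(detect_ecosystems "$plan_dir"); do
    if [ -z "$plan_want" ] || [ "$plan_eco" = "$plan_want" ]; then
      printf '%s\t%s\n' "$plan_eco" "$(audit_command "$plan_eco")"
      plan_count=$((plan_count + 1))
    fi
  done
  if [ "$plan_count" -eq 0 ]; then
    echo "no matching manifest in $plan_dir: nothing was audited" >&2
    return 3
  fi
}
```

`plan_audits . --npm` prints only the npm line; run each printed command from the project root.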
The dependency-checker agent produces a report including:
npx claudepluginhub melodic-software/claude-code-plugins --plugin security