    auditor-for-dependencies

    by Markus Isaksson

    Deep-scan your project dependencies for vulnerabilities, maintenance health, version rot, and license risks.

    Updated May 2026
    Security scanned
    One-time purchase

    $9

    ⚡ Also available via Agensi MCP — your AI agent can load this skill on demand via MCP.

    Included in download

    • Identify critical CVEs in direct and transitive dependencies
    • Detect unmaintained or abandoned packages in your tech stack
    • Uses the terminal, file_read and network tools for automation
    • Includes example output and usage patterns
    • Instant install

    See it in action

    Finding #1 — axios@0.21.1
    Issue: Advisory (GHSA-8hcg-m86p-m8q9)
    Severity: High
    Details: SSRF vulnerability in axios.get()
    Direct/Transitive: Direct
    Fix: Upgrade to 0.21.4
    Effort: trivial
    Summary: 1 High, 3 Medium issues found. Run `npm install axios@latest` to resolve the primary risk.

    About This Skill

    What it does

    Dependency Auditor is a comprehensive security and health check for your project's supply chain. It goes beyond simple vulnerability scanning by evaluating four critical dimensions: Known Advisories, Version Staleness, Maintenance Health, and License Compliance.

    Why use this skill

    Prompting an AI to "check my packages" often results in hallucinations or outdated information. This skill follows a rigorous developer workflow: it parses your actual lockfiles (ensuring transitive dependencies are included), utilizes native tools like npm audit or cargo audit, and cross-references live advisory databases (GHSA, OSV.dev). It identifies abandoned packages that haven't been updated in years and flags risky licenses (like AGPL) before they become a legal liability.
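As an added illustration of the lockfile-first workflow described above (this is not the skill's own code, which the page does not show), the Python below walks a constructed lockfileVersion-3 package-lock.json so that transitive packages are included, flags each package as direct or transitive, builds the OSV.dev querybatch request body, and pairs a constructed OSV-style response with the packages to produce findings. The lockfile, its versions and the advisory ids are made-up sample data.

```python
import json

# Constructed package-lock.json (lockfileVersion 3 layout) for a hypothetical
# project; the package versions are illustrative, not a real project's state.
SAMPLE_LOCK = json.loads("""{
  "name": "demo-app", "lockfileVersion": 3,
  "packages": {
    "": {"dependencies": {"axios": "^0.21.1", "express": "^4.17.1"}},
    "node_modules/axios": {"version": "0.21.1"},
    "node_modules/express": {"version": "4.17.1"},
    "node_modules/express/node_modules/debug": {"version": "2.6.9"},
    "node_modules/follow-redirects": {"version": "1.13.0"}
  }
}""")

def list_packages(lock):
    """Map (name, version) -> True if a direct dependency, False if transitive.

    Walks every 'packages' entry, so hoisted and nested transitive
    dependencies are included, not just what the manifest names."""
    direct = set(lock["packages"].get("", {}).get("dependencies", {}))
    found = {}
    for path, meta in lock["packages"].items():
        if not path:  # "" is the root project itself
            continue
        # Name follows the last 'node_modules/' segment; scoped names keep their slash.
        name = path.rsplit("node_modules/", 1)[1]
        is_direct = path.count("node_modules/") == 1 and name in direct
        found[(name, meta["version"])] = is_direct
    return found

def osv_batch_query(packages):
    """Request body for POST https://api.osv.dev/v1/querybatch (built here, not sent)."""
    return {"queries": [{"package": {"name": n, "ecosystem": "npm"}, "version": v}
                        for n, v in sorted(packages)]}

def findings(packages, response):
    """Pair each querybatch result (returned in query order) with its package."""
    out = []
    for (name, version), result in zip(sorted(packages), response["results"]):
        ids = [v["id"] for v in result.get("vulns", [])]
        if ids:
            out.append({"package": name, "version": version,
                        "direct": packages[(name, version)], "advisories": ids})
    return out

# Constructed querybatch response, in query order: axios, debug, express, follow-redirects.
SAMPLE_RESPONSE = {"results": [{"vulns": [{"id": "GHSA-EXAMPLE-0001"}]}, {},
                               {}, {"vulns": [{"id": "GHSA-EXAMPLE-0002"}]}]}
```

Only the direct/transitive flag and the advisory pairing are shown; a full audit would also follow OSV's `affected` ranges to pick the fix version.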

    Supported Ecosystems

    • JavaScript/TypeScript: npm, yarn, pnpm
    • Python: pip, poetry, uv, Pipenv
    • Rust: Cargo
    • Go: Go Modules
    • Java/Kotlin: Maven, Gradle
    • Ruby: Bundler

    The Output

    The skill produces a prioritized remediation plan. Each finding includes the severity, the root cause (direct vs. transitive), a specific fix version, and an estimated effort score (trivial to high). You receive a clean summary and the exact commands needed to patch your environment immediately.

    Use Cases

    • Identify critical CVEs in direct and transitive dependencies
    • Detect unmaintained or abandoned packages in your tech stack
    • Scan for license compatibility issues across your entire supply chain
    • Generate a prioritized remediation plan before a major release

    Security Scanned

    Passed automated security review

    Permissions

    Terminal / Shell
    Read Files
    Network Access

    Reads dependency manifests and queries advisory databases (GHSA, OSV) when native audit tools aren't available. Does not modify lockfiles — outputs a report with recommended commands for the user to run.
