License & Dependency Compliance Auditor
by rayyer
Automated open-source license audit and risk assessment based on your project's specific distribution model.
THE AGENSI STORE
7 skills found
by rayyer
Automated open-source license audit and risk assessment based on your project's specific distribution model.
Audit and harden GitHub Actions workflows against overbroad permissions, secrets exposure, and supply-chain risks.
Vet dependency changes for supply-chain risk before you install, commit, or release. Scans package and lockfile diffs for install-time lifecycle scripts, non-registry sources, suspicious download commands, typosquatting, and floating versions, across npm, pnpm, yarn, pip, uv, and poetry. Flags what to review with evidence. No install required.
Audit your project's dependencies for supply-chain risk before they ship. Detects the ecosystem, runs the right vulnerability scanners against live advisory data, and adds the checks tooling misses — outdated or abandoned packages, typosquatted or suspicious names, risky install scripts, and license conflicts — then returns a prioritized fix list and a PASS / REVIEW / BLOCK verdict. It's npm audit with triage and judgment on top.
by Timoranjes
Evaluate third-party agent skills for command injection, prompt injection, and data exfiltration before installation.
by Timoranjes
Structured security auditing for AI agent skills to detect prompt injection, data exfiltration, and malicious commands.
Map supply chains, identify overlooked upstream chokepoints, score candidate quality, audit evidence, and generate research reports.