From ruflo-security-audit
Scan project dependencies for known vulnerabilities and CVEs. Use when auditing third-party packages, before releases, after `npm install`/lockfile changes, or when investigating reported CVE advisories.
How this skill is triggered — by the user, by Claude, or both
Slash command
/ruflo-security-audit:dependency-check [--path PATH][--path PATH]This skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Check dependencies for CVEs and outdated packages:
Check dependencies for CVEs and outdated packages:
npx @claude-flow/cli@latest security cve --list
npx @claude-flow/cli@latest security cve --severity critical
npx @claude-flow/cli@latest security scan --type deps --depth deep
npm audit --json
| Severity | Action |
|---|---|
| critical | Block deployment, fix immediately |
| high | Fix before next release |
| moderate | Schedule fix within sprint |
| low | Track in backlog |
Auto-fix via the scan command: npx @claude-flow/cli@latest security scan --type deps --fix
For continuous monitoring, dispatch via MCP:
mcp__claude-flow__hooks_worker-dispatch({ trigger: "audit" })
Guides creation and editing of skills using test-driven development with pressure scenarios and subagents to verify agent compliance.
Manages knowledge base ingestion, sync, and retrieval across local files, MCP memory, vector stores, and Git repos. Use for saving, organizing, deduplicating, or searching knowledge.
6plugins reuse this skill
First indexed Jul 14, 2026
npx claudepluginhub hjain-spcg/claude-code-flow --plugin ruflo-security-audit