From ruflo-security-audit
Scan project dependencies for known vulnerabilities and CVEs. Use when auditing third-party packages, before releases, after `npm install`/lockfile changes, or when investigating reported CVE advisories.
How this skill is triggered — by the user, by Claude, or both
Slash command
/ruflo-security-audit:dependency-check [--path PATH][--path PATH]This skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Check dependencies for CVEs and outdated packages:
Check dependencies for CVEs and outdated packages:
npx @claude-flow/cli@latest security cve --list
npx @claude-flow/cli@latest security cve --severity critical
npx @claude-flow/cli@latest security scan --type deps --depth deep
npm audit --json
| Severity | Action |
|---|---|
| critical | Block deployment, fix immediately |
| high | Fix before next release |
| moderate | Schedule fix within sprint |
| low | Track in backlog |
Auto-fix via the scan command: npx @claude-flow/cli@latest security scan --type deps --fix
For continuous monitoring, dispatch via MCP:
mcp__claude-flow__hooks_worker-dispatch({ trigger: "audit" })
npx claudepluginhub meefs/claude-code-flow --plugin ruflo-security-auditGuides creation and editing of skills using test-driven development with pressure scenarios and subagents to verify agent compliance.
4plugins reuse this skill
First indexed Jul 14, 2026