npx claudepluginhub melodic-software/claude-code-plugins --plugin security
This skill is limited to using the following tools:
Analyze project dependencies for known vulnerabilities and security issues.
Audits project dependencies from package.json, requirements.txt, go.mod, Gemfile for CVEs, outdated packages, transitive issues, licenses, and supply chain risks. Provides severity assessments, remediation suggestions, and prioritized reports.
Scans project dependencies for known CVEs across npm, pip, cargo, Go, and Java ecosystems. Reports vulnerable packages with severity, affected versions, and fixes.
Audits dependencies for vulnerabilities, outdated versions, transitive issues, and licenses in Node.js, Python, PHP, Ruby, Go, and Rust projects using npm audit, pip-audit, and equivalents.
/security:check-deps # Auto-detect and check all ecosystems
/security:check-deps --npm # Check npm dependencies only
/security:check-deps --pip # Check Python dependencies only
/security:check-deps --dotnet # Check .NET dependencies only
/security:check-deps --cargo # Check Rust dependencies only
/security:check-deps --all # Explicitly check all ecosystems
Delegate to the dependency-checker agent with the following prompt:
If no arguments or --all:
"Analyze this project's dependencies for known vulnerabilities. Auto-detect the package ecosystem(s) in use (npm, pip, .NET, Rust, etc.) and run appropriate security audits. Generate a dependency security report with CVE details, CVSS scores, fix availability, and prioritized remediation recommendations."
If --npm argument:
"Analyze npm/Node.js dependencies for known vulnerabilities using npm audit. Generate a dependency security report with CVE details, CVSS scores, fix availability, and prioritized remediation recommendations including upgrade paths and override options."
If --pip argument:
"Analyze Python dependencies for known vulnerabilities using pip-audit. Generate a dependency security report with CVE details, CVSS scores, fix availability, and prioritized remediation recommendations."
If --dotnet argument:
"Analyze .NET dependencies for known vulnerabilities using dotnet list package --vulnerable. Generate a dependency security report with CVE details, CVSS scores, fix availability, and prioritized remediation recommendations."
If --cargo argument:
"Analyze Rust dependencies for known vulnerabilities using cargo audit. Generate a dependency security report with CVE details, CVSS scores, fix availability, and prioritized remediation recommendations."
The dependency-checker agent produces a report including:
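The auto-detect path in the prompts above comes down to mapping manifest files to the audit commands this page names. The following is an added example of that mapping, not the plugin's own code: `plan_audits` and `run_audits` are hypothetical helper names, and it assumes manifests sit at the top level of the project directory.

```shell
#!/bin/sh
# Added example: plan_audits and run_audits are hypothetical helpers.
# Print one "ecosystem<TAB>command" line per ecosystem detected in DIR.
plan_audits() {
    dir=${1:-.}
    if [ -f "$dir/package.json" ]; then
        # npm audit works from the lockfile; flag its absence instead of
        # letting a failed run look like "nothing found".
        if [ -f "$dir/package-lock.json" ] || [ -f "$dir/npm-shrinkwrap.json" ]; then
            printf 'npm\tnpm audit\n'
        else
            printf 'npm\tSKIP: no lockfile (npm install --package-lock-only)\n'
        fi
    fi
    if [ -f "$dir/requirements.txt" ]; then
        printf 'pip\tpip-audit -r requirements.txt\n'
    fi
    for f in "$dir"/*.sln "$dir"/*.csproj "$dir"/*.fsproj; do
        if [ -f "$f" ]; then
            printf 'dotnet\tdotnet list package --vulnerable\n'
            break
        fi
    done
    if [ -f "$dir/Cargo.toml" ]; then
        printf 'cargo\tcargo audit\n'
    fi
    return 0
}

# Run each planned audit inside DIR. Returns 1 if any step was skipped,
# its tool is not installed, or the command exited non-zero.
run_audits() {
    dir=${1:-.}
    rc=0
    plan=$(plan_audits "$dir")
    while IFS="$(printf '\t')" read -r eco cmd; do
        [ -n "$eco" ] || continue
        case $cmd in SKIP:*) echo "[$eco] $cmd" >&2; rc=1; continue ;; esac
        if ! command -v "${cmd%% *}" >/dev/null 2>&1; then
            echo "[$eco] ${cmd%% *} not installed" >&2; rc=1; continue
        fi
        echo "[$eco] $cmd" >&2
        (cd "$dir" && sh -c "$cmd" </dev/null) || rc=1
    done <<EOF
$plan
EOF
    return $rc
}
if [ "$#" -gt 0 ]; then run_audits "$1"; fi
```

A skipped ecosystem or a missing tool counts as a failure here, so a run that audited nothing cannot pass as clean.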