Runs Software Composition Analysis (SCA) to detect vulnerable dependencies. Wraps npm audit and Trivy fs. Use when user asks to "scan dependencies", "check npm vulnerabilities", "SCA scan", "dependency audit", "依存関係スキャン", "脆弱性チェック".
Runs Software Composition Analysis to detect vulnerable dependencies using npm audit and Trivy.
npx claudepluginhub naporin0624/claude-web-audit-pluginsThis skill inherits all available tools. When active, it can use any tool Claude has access to.
dist/index.jspackage.jsonsrc/index.tssrc/types.tstsconfig.jsonWrapper for npm audit and Trivy to perform Software Composition Analysis.
At least one of these tools must be installed:
# npm audit (built into npm)
npm --version
# Trivy (recommended for multi-language support)
brew install trivy
# or
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
# Scan with auto-detection (prefers Trivy if available)
npx sca-runner .
# Force specific scanner
npx sca-runner . --scanner npm
npx sca-runner . --scanner trivy
# JSON output
npx sca-runner . --json
# Check available scanners
npx sca-runner --check
# Scan specific package file
npx sca-runner ./package-lock.json --scanner npm
| Scanner | Languages/Files |
|---|---|
| npm audit | Node.js (package-lock.json) |
| Trivy | Node.js, Python, Go, Ruby, Rust, Java, .NET |
{
"tool": "trivy",
"scanPath": ".",
"scanDate": "2024-01-15T10:30:00Z",
"findings": [
{
"id": "CVE-2024-1234",
"severity": "critical",
"package": "lodash",
"installedVersion": "4.17.20",
"fixedVersion": "4.17.21",
"title": "Prototype Pollution",
"description": "...",
"cvss": 9.8,
"cwes": ["CWE-1321"],
"references": ["https://nvd.nist.gov/..."]
}
],
"summary": {
"total": 5,
"critical": 1,
"high": 2,
"medium": 1,
"low": 1
}
}
0: No vulnerabilities found1: Vulnerabilities detected2: Tool not installed or errorActivates when the user asks about AI prompts, needs prompt templates, wants to search for prompts, or mentions prompts.chat. Use for discovering, retrieving, and improving prompts.
Search, retrieve, and install Agent Skills from the prompts.chat registry using MCP tools. Use when the user asks to find skills, browse skill catalogs, install a skill for Claude, or extend Claude's capabilities with reusable AI agent components.
Creating algorithmic art using p5.js with seeded randomness and interactive parameter exploration. Use this when users request creating art using code, generative art, algorithmic art, flow fields, or particle systems. Create original algorithmic art rather than copying existing artists' work to avoid copyright violations.