Skill

sca-runner

Runs Software Composition Analysis (SCA) to detect vulnerable dependencies. Wraps npm audit and Trivy fs. Use when user asks to "scan dependencies", "check npm vulnerabilities", "SCA scan", "dependency audit", "依存関係スキャン", "脆弱性チェック".

Install

npx claudepluginhub joshuarweaver/cascade-code-testing-misc --plugin naporin0624-claude-web-audit-plugins

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Wrapper for npm audit and Trivy to perform Software Composition Analysis.

Supporting Assets

dist/index.jspackage.jsonsrc/index.tssrc/types.tstsconfig.json

SKILL.md

Similar Skills

skill-lookup

Searches, retrieves, and installs Agent Skills from prompts.chat registry using MCP tools like search_skills and get_skill. Activates for finding skills, browsing catalogs, or extending Claude.

prompts.chat

159.9k

prompt-lookup

Searches prompts.chat for AI prompt templates by keyword or category, retrieves by ID with variable handling, and improves prompts via AI. Use for discovering or enhancing prompts.

prompts.chat

159.9k

next-compile

1 file

Checks Next.js compilation errors using a running Turbopack dev server after code edits. Fixes actionable issues before reporting complete. Replaces `next build`.

vercel-next-js-2

139.2k

Stats

Stars2

Forks0

Last CommitDec 24, 2025

Used By2 plugins

Actions

View Source View Plugin View on GitHub View README

SCA Runner

Wrapper for npm audit and Trivy to perform Software Composition Analysis.

Prerequisites

At least one of these tools must be installed:

# npm audit (built into npm) npm --version # Trivy (recommended for multi-language support) brew install trivy # or curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin

Usage

# Scan with auto-detection (prefers Trivy if available) npx sca-runner . # Force specific scanner npx sca-runner . --scanner npm npx sca-runner . --scanner trivy # JSON output npx sca-runner . --json # Check available scanners npx sca-runner --check # Scan specific package file npx sca-runner ./package-lock.json --scanner npm

Supported Package Managers

Scanner

Languages/Files

npm audit

Node.js (package-lock.json)

Trivy

Node.js, Python, Go, Ruby, Rust, Java, .NET

Output Format

{ "tool": "trivy", "scanPath": ".", "scanDate": "2024-01-15T10:30:00Z", "findings": [ { "id": "CVE-2024-1234", "severity": "critical", "package": "lodash", "installedVersion": "4.17.20", "fixedVersion": "4.17.21", "title": "Prototype Pollution", "description": "...", "cvss": 9.8, "cwes": ["CWE-1321"], "references": ["https://nvd.nist.gov/..."] } ], "summary": { "total": 5, "critical": 1, "high": 2, "medium": 1, "low": 1 } }

Exit Codes

0: No vulnerabilities found

1: Vulnerabilities detected

2: Tool not installed or error

Common CVEs Detected

Prototype Pollution (CWE-1321)

Regular Expression DoS (CWE-1333)

Path Traversal (CWE-22)

Code Injection (CWE-94)

Denial of Service (CWE-400)

SCA Runner

Wrapper for npm audit and Trivy to perform Software Composition Analysis.

Prerequisites

At least one of these tools must be installed:

# npm audit (built into npm)
npm --version

# Trivy (recommended for multi-language support)
brew install trivy
# or
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin

Usage

# Scan with auto-detection (prefers Trivy if available)
npx sca-runner .

# Force specific scanner
npx sca-runner . --scanner npm
npx sca-runner . --scanner trivy

# JSON output
npx sca-runner . --json

# Check available scanners
npx sca-runner --check

# Scan specific package file
npx sca-runner ./package-lock.json --scanner npm

Supported Package Managers

Scanner	Languages/Files
npm audit	Node.js (package-lock.json)
Trivy	Node.js, Python, Go, Ruby, Rust, Java, .NET

Output Format

{
  "tool": "trivy",
  "scanPath": ".",
  "scanDate": "2024-01-15T10:30:00Z",
  "findings": [
    {
      "id": "CVE-2024-1234",
      "severity": "critical",
      "package": "lodash",
      "installedVersion": "4.17.20",
      "fixedVersion": "4.17.21",
      "title": "Prototype Pollution",
      "description": "...",
      "cvss": 9.8,
      "cwes": ["CWE-1321"],
      "references": ["https://nvd.nist.gov/..."]
    }
  ],
  "summary": {
    "total": 5,
    "critical": 1,
    "high": 2,
    "medium": 1,
    "low": 1
  }
}

Exit Codes

0: No vulnerabilities found
1: Vulnerabilities detected
2: Tool not installed or error

Common CVEs Detected

Prototype Pollution (CWE-1321)
Regular Expression DoS (CWE-1333)
Path Traversal (CWE-22)
Code Injection (CWE-94)
Denial of Service (CWE-400)