From omo
Dependency security audit — run ecosystem-specific audit tools and cross-verify new or updated dependencies. Activate when #da appears anywhere in the user message.
Slash command: /omo:dep-audit
Audit dependencies for: $ARGUMENTS
Phase 1 — Detect ecosystem:
- package.json / package-lock.json / yarn.lock / pnpm-lock.yaml → Node.js
- requirements.txt / Pipfile / pyproject.toml / poetry.lock → Python
- go.mod → Go
- Cargo.toml → Rust

Phase 2 — Run audit tools:
For each detected ecosystem:
- npm audit --json 2>/dev/null or yarn audit --json 2>/dev/null
- pip-audit 2>/dev/null or safety check 2>/dev/null
- govulncheck ./... 2>/dev/null
- cargo audit 2>/dev/null
If an audit tool is not installed, note it and skip.

Phase 3 — New dependency check:
Check git diff HEAD for newly added dependencies.

Phase 4 — Report:
Dependency Audit
================
Ecosystem: [detected]
Total dependencies: N
Vulnerabilities found: N (critical: N, high: N, medium: N, low: N)
New dependencies:
- <name>@<version>: <assessment>
Recommendations:
- [action items]
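
The detection and tool-selection steps of Phases 1 and 2 can be sketched as a dry-run planner in POSIX sh that prints the audit command it would run instead of running it. This is an added example, not code from the omo plugin; the function names (detect_ecosystems, have_tool, candidates, plan_audit) are assumptions, and it probes for the cargo-audit binary because that binary is what provides the cargo audit subcommand.

```shell
#!/bin/sh
# Added example, not part of the omo plugin: Phases 1-2 as a dry-run planner.

# Phase 1: print one ecosystem per line for the manifest files found in $1.
detect_ecosystems() {
    dir=${1:-.}
    for f in package.json package-lock.json yarn.lock pnpm-lock.yaml; do
        if [ -e "$dir/$f" ]; then echo node; break; fi
    done
    for f in requirements.txt Pipfile pyproject.toml poetry.lock; do
        if [ -e "$dir/$f" ]; then echo python; break; fi
    done
    if [ -e "$dir/go.mod" ]; then echo go; fi
    if [ -e "$dir/Cargo.toml" ]; then echo rust; fi
}

# Overridable probe (hypothetical helper) so the planner can be tested offline.
have_tool() { command -v "$1" >/dev/null 2>&1; }

# Phase 2: candidates per ecosystem as "binary|command", in the page's order.
# `cargo audit` is provided by the separate cargo-audit binary, so probe that.
candidates() {
    case $1 in
        node)   printf '%s\n' 'npm|npm audit --json' 'yarn|yarn audit --json' ;;
        python) printf '%s\n' 'pip-audit|pip-audit' 'safety|safety check' ;;
        go)     printf '%s\n' 'govulncheck|govulncheck ./...' ;;
        rust)   printf '%s\n' 'cargo-audit|cargo audit' ;;
    esac
}

# Print "<ecosystem>: <command>" for the first installed tool, else a skip note.
plan_audit() {
    detect_ecosystems "$1" | while read -r eco; do
        chosen=
        # A here-document (not a pipe) keeps `chosen` in this shell.
        while IFS='|' read -r bin cmd; do
            if [ -z "$chosen" ] && have_tool "$bin"; then chosen=$cmd; fi
        done <<EOF
$(candidates "$eco")
EOF
        echo "$eco: ${chosen:-skipped (no audit tool installed)}"
    done
}

plan_audit "${1:-.}"
```

Because the page's commands discard stderr with 2>/dev/null, a tool that fails to start produces no output, so probing for the binary first keeps a missing tool from being read as a clean result.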
npx claudepluginhub speson/omo --plugin omo
Audit project dependencies for known vulnerabilities using ecosystem-specific tools (npm audit, composer audit, pip-audit, cargo audit, etc).
Scans project dependencies for known security vulnerabilities using ecosystem-specific audit tools (npm, yarn, pnpm, pip, cargo, govulncheck, gradle). Supports severity filtering and automatic fixes.
Audits npm dependencies for vulnerabilities and outdated packages, reporting CVEs with fix commands and severity levels.