Skill

Overview

Scans project dependencies for known CVEs across npm, pip, cargo, Go, and Java ecosystems. Reports vulnerable packages with severity, affected versions, and fixes.

Javascript

Python

Rust

Java

security

npx claudepluginhub syncable-dev/syncable-cli --plugin syncable-cli-skills

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Scan project dependencies for known CVEs across npm, pip, cargo, go, and java ecosystems. Returns vulnerable packages with severity, affected versions, and available fixes.

SKILL.md

Similar Skills

design-system

167.4k

Generates design tokens/docs from CSS/Tailwind/styled-components codebases, audits visual consistency across 10 dimensions, detects AI slop in UI.

team-skills-platform

ui-demo

167.4k

Records polished WebM UI demo videos of web apps using Playwright with cursor overlay, natural pacing, and three-phase scripting. Activates for demo, walkthrough, screen recording, or tutorial requests.

team-skills-platform

kotlin-patterns

167.4k

Delivers idiomatic Kotlin patterns for null safety, immutability, sealed classes, coroutines, Flows, extensions, DSL builders, and Gradle DSL. Use when writing, reviewing, refactoring, or designing Kotlin code.

team-skills-platform

Stats

Parent Repo Stars35

Parent Repo Forks7

Last CommitMar 31, 2026

Actions

View Source View Plugin View on GitHub View README

Overview

Scan project dependencies for known CVEs across npm, pip, cargo, go, and java ecosystems. Returns vulnerable packages with severity, affected versions, and available fixes.

Flags

Flag	Purpose
`--agent`	Compressed output (always use)
`--severity {low\|medium\|high\|critical}`	Minimum severity threshold
`--output <FILE>`	Write report to file

Steps

1. Run vulnerability scan

sync-ctl vulnerabilities <PATH> --agent

Success criteria: JSON output with summary containing severity counts.

2. Report to user

Priority: critical/high CVEs with fixes (actionable) > critical/high without fixes (risk flag) > medium/low (mention count only, don't enumerate unless asked).

3. Retrieve details (if needed)

Compressed output includes critical + first 10 high findings. Medium/low are counts only:

sync-ctl retrieve <ref_id> --query "severity:medium"
sync-ctl retrieve <ref_id> --query "severity:low"
sync-ctl retrieve <ref_id> --query "file:services/api"

Results paginated (default 20). Use --limit N --offset M for more.

Available queries: severity:<level>, file:<path>

Error Handling

Error	Action
`tool not found` / scanner missing	Run `sync-ctl tools install --yes`, then retry
`No dependencies found`	Run `sync-ctl analyze <PATH> --agent` first to verify dependencies exist
Timeout on large dep tree	Try scanning specific subdirectories