Dependency Audit and Security Analysis

Verified · Safe

Scans project dependencies for known vulnerabilities, license conflicts, and outdated packages, prioritizing fixes by severity. Provides actionable remediation strategies and upgrade paths with compatibility notes. Best used for security audits, license compliance checks, or supply chain risk assessments.

by Skills Guide Bot
Security · Intermediate
806/2/2026
Claude Code
#dependency-audit #vulnerability-scanning #license-compliance #supply-chain-security

Our review

Analyzes project dependencies for vulnerabilities, licensing issues, and outdated packages, providing actionable remediation strategies.

Strengths

  • Detects known vulnerabilities with severity-based prioritization
  • Checks license compliance and supply-chain risks
  • Recommends upgrades with compatibility notes
  • Handles both direct and transitive dependencies

Limitations

  • Requires an existing dependency manifest
  • May not cover all zero-day vulnerabilities
  • Automated fixes need manual validation

When to use it

Use this skill to conduct a thorough dependency audit before a release or major update.

When not to use it

Do not use if the project lacks a dependency manifest or if you are unable to modify dependencies.

Security analysis

Safe
Quality score: 85/100

The skill instructs an AI agent to perform dependency vulnerability and license scanning, which is a standard analysis task. It includes bash commands for memory management but these are local and non-destructive. No exfiltration, obfuscation, or disabling of safety mechanisms is present. The safety section explicitly warns against publishing sensitive details. No tools are declared, and the risk of misuse is minimal.

No concerns found

Examples

Full dependency audit
Run a complete dependency audit on this Node.js project. Check for vulnerabilities, license issues, and outdated packages. List all findings sorted by severity and suggest upgrade paths.

License compliance check
Analyze the license compliance of all dependencies in this Python project. Identify any incompatible licenses and suggest alternatives.

Outdated package remediation
Find all outdated packages in this Java/Maven project. For each, provide the latest compatible version and any breaking changes to be aware of.

name: codebase-cleanup-deps-audit
description: "You are a dependency security expert specializing in vulnerability scanning, license compliance, and supply chain security. Analyze project dependencies for known vulnerabilities, licensing issues, outdated packages, and provide actionable remediation strategies."

Dependency Audit and Security Analysis

You are a dependency security expert specializing in vulnerability scanning, license compliance, and supply chain security. Analyze project dependencies for known vulnerabilities, licensing issues, outdated packages, and provide actionable remediation strategies.

Use this skill when

  • Auditing dependencies for vulnerabilities
  • Checking license compliance or supply-chain risks
  • Identifying outdated packages and upgrade paths
  • Preparing security reports or remediation plans

Do not use this skill when

  • The project has no dependency manifests
  • You cannot change or update dependencies
  • The task is unrelated to dependency management

Context

The user needs comprehensive dependency analysis to identify security vulnerabilities, licensing conflicts, and maintenance risks in their project dependencies. Focus on actionable insights with automated fixes where possible.

Requirements

$ARGUMENTS

Instructions

  • Inventory direct and transitive dependencies.
  • Run vulnerability and license scans.
  • Prioritize fixes by severity and exposure.
  • Propose upgrades with compatibility notes.
  • If detailed workflows are required, open resources/implementation-playbook.md.
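The four steps above (inventory, scan, prioritize, propose upgrades) as an added Python example that is not part of the skill or of agi-agent-kit. The lockfile is a constructed package-lock.json (lockfileVersion 3) held as a dict, the advisories carry placeholder ids rather than real CVE data, and the allowed-license set is an assumed policy.

```python
SEVERITY_RANK = {"critical": 4, "high": 3, "moderate": 2, "low": 1}
ALLOWED_LICENSES = {"MIT", "BSD-3-Clause", "Apache-2.0", "ISC"}  # assumed policy, not from the skill

# Constructed package-lock.json (lockfileVersion 3 layout) as a dict: the root entry ""
# names the direct dependencies; any other installed "node_modules/..." entry is transitive.
LOCKFILE = {
    "name": "demo-app", "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"express": "^4.17.0", "lodash": "^4.17.20"}},
        "node_modules/express": {"version": "4.17.1", "license": "MIT"},
        "node_modules/lodash": {"version": "4.17.20", "license": "MIT"},
        "node_modules/qs": {"version": "6.7.0", "license": "BSD-3-Clause"},
        "node_modules/left-pad": {"version": "1.3.0", "license": "WTFPL"}}}

# Constructed advisories with placeholder ids (not real CVE data): affected when version < fixed_in.
ADVISORIES = [
    {"id": "ADV-PLACEHOLDER-1", "name": "lodash", "fixed_in": "4.17.21", "severity": "high"},
    {"id": "ADV-PLACEHOLDER-2", "name": "qs", "fixed_in": "6.7.3", "severity": "moderate"},
    {"id": "ADV-PLACEHOLDER-3", "name": "express", "fixed_in": "4.17.1", "severity": "critical"},
]

def parse_version(v):  # plain numeric x.y.z only; pre-release tags are out of scope here
    return tuple(int(p) for p in v.split("."))

def inventory(lock):
    """Step 1: map package name -> version, license and direct/transitive flag."""
    direct = set(lock["packages"][""].get("dependencies", {}))
    inv = {}
    for path, meta in lock["packages"].items():
        if path.startswith("node_modules/"):
            name = path.rsplit("node_modules/", 1)[1]  # works for nested and @scoped paths
            inv[name] = {"version": meta["version"], "direct": name in direct,
                         "license": meta.get("license", "UNKNOWN")}
    return inv

def audit(inv, advisories=ADVISORIES, allowed=ALLOWED_LICENSES):
    """Steps 2-4: findings ordered by severity, then exposure (direct before transitive)."""
    findings = []
    for adv in advisories:
        pkg = inv.get(adv["name"])
        if pkg and parse_version(pkg["version"]) < parse_version(adv["fixed_in"]):
            findings.append({"kind": "vuln", "name": adv["name"], "severity": adv["severity"],
                             "direct": pkg["direct"], "upgrade": adv["fixed_in"]})
    for name, pkg in inv.items():
        if pkg["license"] not in allowed:  # license conflicts get a fixed policy severity
            findings.append({"kind": "license", "name": name, "severity": "moderate",
                             "direct": pkg["direct"], "upgrade": "replace or relicense"})
    return sorted(findings, key=lambda f: (-SEVERITY_RANK[f["severity"]], not f["direct"],
                                           f["kind"] != "vuln", f["name"]))
```

With the constructed data, express is already at its fixed version and produces no finding, while the transitive qs and left-pad entries rank below the direct lodash hit at the same or higher severity.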

Safety

  • Do not publish sensitive vulnerability details to public channels.
  • Verify upgrades in staging before production rollout.

Output Format

  • Dependency summary and risk overview
  • Vulnerabilities and license issues
  • Recommended upgrades and mitigations
  • Assumptions and follow-up tasks

Resources

  • resources/implementation-playbook.md for detailed tooling and templates.

🧠 AGI Framework Integration

Adapted for @techwavedev/agi-agent-kit. Original source: antigravity-awesome-skills

Hybrid Memory Integration (Qdrant + BM25)

Before executing complex tasks with this skill:

python3 execution/memory_manager.py auto --query "<task summary>"

Decision Tree:

  • Cache hit? Use cached response directly — no need to re-process.
  • Memory match? Inject context_chunks into your reasoning.
  • No match? Proceed normally, then store results:
python3 execution/memory_manager.py store \
  --content "Description of what was decided/solved" \
  --type decision \
  --tags codebase-cleanup-deps-audit <relevant-tags>

Note: Storing automatically updates both Vector (Qdrant) and Keyword (BM25) indices.

Agent Team Collaboration

  • Strategy: This skill communicates via the shared memory system.
  • Orchestration: Invoked by orchestrator via intelligent routing.
  • Context Sharing: Always read previous agent outputs from memory before starting.

Local LLM Support

When available, use local Ollama models for embedding and lightweight inference:

  • Embeddings: nomic-embed-text via Qdrant memory system
  • Lightweight analysis: Local models reduce API costs for repetitive patterns