Python Dependency Manager

Verified Safe

This skill manages Python dependencies using uv. It checks installed and outdated packages, updates dependencies safely (with test verification), adds or removes packages, and audits for security vulnerabilities. It enforces rules like never removing a dependency without checking usage and always running tests after changes.

By Skills Guide Bot
Development · Intermediate
1706/2/2026
Claude Code
Tags: #python #dependencies #uv #package-management #audit

Our review

Manages Python dependencies in a uv-based project, including auditing, updating, and compatibility checks.

Strengths

  • Automates updates with test verification
  • Detects outdated packages and security vulnerabilities
  • Respects version constraints (torch, sentence-transformers, neo4j)
  • Handles both main and dev dependencies

Limitations

  • Requires uv installed and a project configured with pyproject.toml
  • Only works for Python >=3.13
  • Security audit depends on the pip-audit tool (not directly integrated)

When to use it

For maintaining a Python project cleanly, checking versions, and applying updates without breaking compatibility.

When not to use it

For projects not using uv, older Python environments, or dependencies not managed via pyproject.toml.

Security analysis

Safe
Quality score: 90/100

The skill uses standard package management commands (uv) for checking, updating, adding, and removing Python dependencies. No destructive, exfiltrating, or obfuscated actions are instructed. All commands are legitimate and common in development workflows.

No concerns found

Examples

  • Check outdated dependencies: "Check for outdated Python dependencies in this project."
  • Update a specific package: "Update the package 'requests' to the latest version and run tests."
  • Security audit: "Audit the Python dependencies for known security vulnerabilities."

name: deps
description: Check, audit, and update Python dependencies
invocation: user

Dependency Manager

Check, audit, and update Python dependencies.

Project Setup

  • Package manager: uv
  • Config: pyproject.toml
  • Lock file: uv.lock
  • Build system: hatchling
  • Python: >=3.13

Commands Reference

# Check installed versions
uv pip list

# Check outdated packages
uv pip list --outdated

# Sync dependencies
uv sync
uv sync --extra dev

# Add dependency
uv add <package>
uv add --dev <package>
uv add "<package>>=1.0,<2.0"

# Remove dependency
uv remove <package>

# Update lock file
uv lock

# Update specific package
uv lock --upgrade-package <package> && uv sync

# Update all
uv lock --upgrade && uv sync

Instructions

"check" or "status" (default)

  1. Run uv pip list to show installed packages
  2. Run uv pip list --outdated to show outdated packages
  3. Present a summary table of current vs latest versions
  4. Highlight packages with major version updates (potential breaking changes)
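
Added example (not part of the skill itself) for steps 3 and 4 of the "check" procedure: it parses the JSON form of `uv pip list --outdated`, classifies each update as patch, minor or MAJOR, and puts major bumps and the consent-protected packages (torch, sentence-transformers) at the top of the summary. It assumes uv's JSON rows carry "name", "version" and "latest_version" keys; the SAMPLE data is constructed so the script runs offline.

```python
import json
import subprocess

# Packages the skill's rules reserve for explicit user consent.
PROTECTED = {"torch", "sentence-transformers"}


def parse_version(spec: str) -> tuple[int, ...]:
    """'2.3.1', '2.3.1rc1' or '1.0.0.post1' -> leading numeric components only."""
    parts = []
    for piece in spec.split("."):
        num = ""
        for ch in piece:
            if not ch.isdigit():
                break
            num += ch
        if not num:          # stop at the first non-numeric component (rc1, post1)
            break
        parts.append(int(num))
    return tuple(parts) or (0,)


def classify(entries: list[dict]) -> list[dict]:
    """One row per outdated package; MAJOR bumps and protected packages sort first."""
    rows = []
    for e in entries:
        cur, new = parse_version(e["version"]), parse_version(e["latest_version"])
        kind = "MAJOR" if new[0] > cur[0] else "minor" if new[:2] > cur[:2] else "patch"
        name = e["name"].lower()
        rows.append({"name": name, "current": e["version"], "latest": e["latest_version"],
                     "kind": kind, "needs_consent": name in PROTECTED})
    rows.sort(key=lambda r: (r["kind"] != "MAJOR", not r["needs_consent"], r["name"]))
    return rows


def outdated_from_uv() -> list[dict]:
    """Live data; assumes `uv pip list --outdated --format json` emits the keys above."""
    proc = subprocess.run(["uv", "pip", "list", "--outdated", "--format", "json"],
                          check=True, capture_output=True, text=True)
    return json.loads(proc.stdout)


# Constructed sample in the assumed output shape (not real project data).
SAMPLE = json.loads("""[
  {"name": "requests", "version": "2.31.0", "latest_version": "2.32.3"},
  {"name": "torch", "version": "2.2.0", "latest_version": "2.3.1"},
  {"name": "litellm", "version": "1.40.0", "latest_version": "2.0.0"},
  {"name": "neo4j", "version": "5.19.0", "latest_version": "5.20.0"}
]""")

if __name__ == "__main__":
    for r in classify(SAMPLE):   # swap in outdated_from_uv() for the real project
        flag = " (needs explicit consent)" if r["needs_consent"] else ""
        print(f"{r['kind']:5} {r['name']:20} {r['current']} -> {r['latest']}{flag}")
```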

"update" or "upgrade"

  1. Show what would be updated (uv pip list --outdated)
  2. Ask user to confirm before proceeding
  3. For specific package: uv lock --upgrade-package <name> && uv sync
  4. For all: uv lock --upgrade && uv sync
  5. After updating, run uv run pytest to verify nothing broke
  6. If tests fail, identify which update caused failure and suggest reverting

"add <package>"

  1. Determine if main or dev dependency
  2. Run uv add <package> or uv add --dev <package>
  3. Verify in pyproject.toml
  4. Run uv run pytest to verify compatibility

"remove <package>"

  1. Search for imports of the package in the codebase
  2. Warn if the package is imported anywhere
  3. Run uv remove <package>
  4. Run uv run pytest to verify

"audit" or "security"

  1. Run uv pip list to get all packages
  2. Check for known vulnerabilities (suggest pip-audit if available)
  3. Report findings with severity and recommended actions

Key Considerations

  • torch is very large (~2GB). Updates should be deliberate.
  • litellm updates frequently and may introduce breaking changes.
  • sentence-transformers must remain compatible with the project's embedding model.
  • neo4j driver version must match the server version (currently 5-community).
  • Always run tests after any dependency change.
  • uv.lock should be committed after dependency changes.

Rules

  • NEVER remove a dependency without checking for usage first
  • NEVER update torch or sentence-transformers without explicit user consent
  • Always run tests after dependency changes
  • If uv sync fails, check Python version compatibility (requires >=3.13)