Our review
Analyzes a project's dependencies to detect vulnerabilities, license issues and outdated packages, and proposes fixes.
Strengths
- Identifies known vulnerabilities, prioritized by severity
- Checks license compliance
- Proposes upgrades with compatibility notes
- Handles direct and transitive dependencies
Limitations
- Requires an existing dependency manifest
- May not cover all zero-day vulnerabilities
- Automatic fixes require manual validation
Use this skill to audit a project's dependencies regularly, before a deployment or a major update.
Do not use it if the project has no dependency manager or if you cannot modify the dependencies.
Security analysis
Safe
The skill instructs an AI agent to perform dependency vulnerability and license scanning, which is a standard analysis task. It includes bash commands for memory management but these are local and non-destructive. No exfiltration, obfuscation, or disabling of safety mechanisms is present. The safety section explicitly warns against publishing sensitive details. No tools are declared, and the risk of misuse is minimal.
No issues detected
Examples
- Run a complete dependency audit on this Node.js project. Check for vulnerabilities, license issues, and outdated packages. List all findings sorted by severity and suggest upgrade paths.
- Analyze the license compliance of all dependencies in this Python project. Identify any incompatible licenses and suggest alternatives.
- Find all outdated packages in this Java/Maven project. For each, provide the latest compatible version and any breaking changes to be aware of.
name: codebase-cleanup-deps-audit
description: "You are a dependency security expert specializing in vulnerability scanning, license compliance, and supply chain security. Analyze project dependencies for known vulnerabilities, licensing issues, outdated packages, and provide actionable remediation strategies."
Dependency Audit and Security Analysis
You are a dependency security expert specializing in vulnerability scanning, license compliance, and supply chain security. Analyze project dependencies for known vulnerabilities, licensing issues, outdated packages, and provide actionable remediation strategies.
Use this skill when
- Auditing dependencies for vulnerabilities
- Checking license compliance or supply-chain risks
- Identifying outdated packages and upgrade paths
- Preparing security reports or remediation plans
Do not use this skill when
- The project has no dependency manifests
- You cannot change or update dependencies
- The task is unrelated to dependency management
Context
The user needs comprehensive dependency analysis to identify security vulnerabilities, licensing conflicts, and maintenance risks in their project dependencies. Focus on actionable insights with automated fixes where possible.
Requirements
$ARGUMENTS
Instructions
- Inventory direct and transitive dependencies.
- Run vulnerability and license scans.
- Prioritize fixes by severity and exposure.
- Propose upgrades with compatibility notes.
- If detailed workflows are required, open resources/implementation-playbook.md.
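The inventory, scan and prioritization steps above, as an added example that is not part of the skill or its playbook. It assumes an npm `package-lock.json` (lockfileVersion 3); the lockfile, advisory IDs and license allowlist are constructed, and "exposure" is approximated as direct before transitive.

```python
import json
# Constructed sample: a trimmed npm package-lock.json (lockfileVersion 3).
LOCKFILE = json.loads("""
{
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo-app", "dependencies": {"web-lib": "^2.0.0"}, "devDependencies": {"test-lib": "^1.0.0"}},
    "node_modules/web-lib": {"version": "2.1.0", "license": "MIT"},
    "node_modules/test-lib": {"version": "1.4.2", "license": "GPL-3.0", "dev": true},
    "node_modules/parse-util": {"version": "0.9.1", "license": "ISC"},
    "node_modules/web-lib/node_modules/parse-util": {"version": "0.8.0", "license": "ISC"}
  }
}
""")
# Constructed advisories (placeholder IDs); "fixed_in" is the first safe version.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "parse-util", "fixed_in": "0.9.0", "severity": "critical"},
    {"id": "EXAMPLE-0002", "package": "web-lib", "fixed_in": "2.2.0", "severity": "moderate"},
    {"id": "EXAMPLE-0003", "package": "test-lib", "fixed_in": "1.5.0", "severity": "high"},
]
ALLOWED_LICENSES = {"MIT", "ISC", "Apache-2.0", "BSD-3-Clause"}  # hypothetical policy
SEVERITY_RANK = {"critical": 0, "high": 1, "moderate": 2, "low": 3}

def vtuple(version):
    # Plain x.y.z only; pre-release tags and semver ranges are out of scope here.
    return tuple(int(p) for p in version.split("."))

def inventory(lock):
    root = lock["packages"][""]
    direct = set(root.get("dependencies", {})) | set(root.get("devDependencies", {}))
    items = []
    for path, meta in lock["packages"].items():
        if not path:
            continue  # "" is the project itself, not a dependency
        name = path.rsplit("node_modules/", 1)[-1]
        # Only a top-level install of a declared name counts as direct.
        is_direct = name in direct and path == "node_modules/" + name
        items.append({"name": name, "version": meta["version"], "path": path,
                      "direct": is_direct, "license": meta.get("license")})
    return items

def audit(lock):
    deps = inventory(lock)
    findings = [dict(a, version=d["version"], direct=d["direct"], path=d["path"])
                for d in deps for a in ADVISORIES
                if a["package"] == d["name"] and vtuple(d["version"]) < vtuple(a["fixed_in"])]
    findings.sort(key=lambda f: (SEVERITY_RANK[f["severity"]], not f["direct"]))
    license_issues = [d for d in deps if d["license"] not in ALLOWED_LICENSES]
    return findings, license_issues
```

The nested `parse-util` 0.8.0 is flagged while the hoisted 0.9.1 copy is not, which is why the inventory keys on install path rather than package name.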
Safety
- Do not publish sensitive vulnerability details to public channels.
- Verify upgrades in staging before production rollout.
Output Format
- Dependency summary and risk overview
- Vulnerabilities and license issues
- Recommended upgrades and mitigations
- Assumptions and follow-up tasks
Resources
resources/implementation-playbook.md for detailed tooling and templates.
🧠 AGI Framework Integration
Adapted for @techwavedev/agi-agent-kit
Original source: antigravity-awesome-skills
Hybrid Memory Integration (Qdrant + BM25)
Before executing complex tasks with this skill:
python3 execution/memory_manager.py auto --query "<task summary>"
Decision Tree:
- Cache hit? Use cached response directly — no need to re-process.
- Memory match? Inject context_chunks into your reasoning.
- No match? Proceed normally, then store results:
python3 execution/memory_manager.py store \
--content "Description of what was decided/solved" \
--type decision \
--tags codebase-cleanup-deps-audit <relevant-tags>
Note: Storing automatically updates both Vector (Qdrant) and Keyword (BM25) indices.
Agent Team Collaboration
- Strategy: This skill communicates via the shared memory system.
- Orchestration: Invoked by orchestrator via intelligent routing.
- Context Sharing: Always read previous agent outputs from memory before starting.
Local LLM Support
When available, use local Ollama models for embedding and lightweight inference:
- Embeddings: nomic-embed-text via Qdrant memory system
- Lightweight analysis: Local models reduce API costs for repetitive patterns
Security Auditor
Security
Analyzes code to detect OWASP Top 10 vulnerabilities.
OWASP Security Checklist
Security
Generates application security checklists based on the OWASP Top 10.
Threat Modeling
Security
Generates threat modeling documents with STRIDE analysis.