Skill: dependency-audit-assistant

Badges: Low risk · Runs external commands · Includes scripts · Accesses the filesystem

Audit Dependencies for Security and Licenses

Projects accumulate vulnerabilities in dependencies over time. This skill audits packages for security issues, outdated versions, and license compliance across npm, pip, bundler, and go modules.

Supports: Claude Codex Code(CC)
⚠️ 68 Poor
1. Download the skill ZIP

2. Upload it in Claude

Go to Settings → Capabilities → Skills → Upload skill

3. Turn it on and start using it

Test it

Using "dependency-audit-assistant": Run a dependency audit on this project

Expected result:

  • Vulnerabilities: 3 High, 5 Moderate, 2 Low
  • Outdated Packages: 12 (3 major updates available)
  • License Issues: 2 packages with unknown licenses
  • Top Priority: Update lodash@4.17.15 to fix prototype pollution (CVE-2020-8203)
  • Command: npm install lodash@4.17.21

Security Audit

Low risk
v5 • 1/16/2026

This is a legitimate dependency auditing skill consisting of documentation and a license-checking shell script. The script runs standard package manager commands (npm, pip, bundle, go) for license detection, which is appropriate for its stated purpose. No malicious behavior or data exfiltration detected.

5 files scanned · 1,331 lines analyzed · 3 findings · 5 total audits
Auditor: claude

Quality score

  • Architecture: 45
  • Maintainability: 100
  • Content: 81
  • Community: 19
  • Security: 90
  • Spec compliance: 91

What you can build

Pre-release Security Checks

Run comprehensive audits before deploying to production. Identify critical vulnerabilities requiring immediate attention.

CI/CD Pipeline Integration

Audit dependencies during build processes. Generate reports for compliance and security documentation.

License Compliance Review

Identify GPL/AGPL dependencies that may conflict with project licensing. Find alternatives for problematic packages.

Try these prompts

Basic Audit
Run a dependency audit on this project. Check for vulnerabilities, outdated packages, and license issues.
Security Focus
Find all security vulnerabilities in the dependencies. Prioritize by severity and provide fix recommendations.
License Review
Check all dependency licenses. Flag any GPL, AGPL, or unknown licenses that may cause compliance issues.
Full Report
Generate a complete dependency audit report including: vulnerability count by severity, outdated packages list, license summary, and prioritized action items with commands to run.

Best practices

  • Run audits regularly, not just before releases
  • Address critical and high vulnerabilities immediately
  • Test all updates in staging before production deployment
  • Document decisions about accepted risks or pinned versions

Avoid

  • Ignoring low-severity vulnerabilities without assessment
  • Updating major versions without reviewing changelogs
  • Accepting unknown licenses without investigation
  • Skipping audits due to time pressure

Frequently asked questions

Which package managers are supported?
npm, Yarn, pnpm, pip, Poetry, Bundler, Maven, Gradle, Go modules, Cargo, and Composer.
How are vulnerabilities prioritized?
By CVSS severity: Critical, High, Moderate, Low. Exploitability and exposure context are also considered.
Can this skill fix vulnerabilities automatically?
No. It provides the commands to run (like npm audit fix) but you must execute them and verify results.
Is my project data safe?
Yes. The skill only reads package manifest files and runs read-only audit commands against your dependencies.
What if no package manager is detected?
The skill will report that no recognized package files were found and suggest supported formats to check.
How does this compare to Snyk or Dependabot?
This skill provides quick audits using built-in tools. For continuous monitoring and advanced features, use dedicated services like Snyk or GitHub Dependabot.

Developer details

File structure