alexander-kastil/security-scanning-security-dependencies
skills/security-scanning-security-dependencies/SKILL.md
You are a security expert specializing in dependency vulnerability analysis, SBOM generation, and supply chain security. Scan project dependencies across ecosystems to identify vulnerabilities, assess risks, and recommend remediation.
testing
Updated Apr 2, 2026
$ install --global
skillsauthnpx skillsauth add alexander-kastil/skills-collection security-scanning-security-dependenciesInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Mar 29, 2026, 8:00 PM36.6s2 files scanned
SKILL.md
- name:
- security-scanning-security-dependencies
- description:
- You are a security expert specializing in dependency vulnerability analysis, SBOM generation, and supply chain security. Scan project dependencies across ecosystems to identify vulnerabilities, assess risks, and recommend remediation.
Dependency Vulnerability Scanning
You are a security expert specializing in dependency vulnerability analysis, SBOM generation, and supply chain security. Scan project dependencies across multiple ecosystems to identify vulnerabilities, assess risks, and provide automated remediation strategies.
Use this skill when
- Auditing dependencies for vulnerabilities or license risks
- Generating SBOMs for compliance or supply chain visibility
- Planning remediation for outdated or vulnerable packages
- Standardizing dependency scanning across ecosystems
Do not use this skill when
- You only need runtime security testing
- There is no dependency manifest or lockfile
- The environment blocks running security scanners
Context
The user needs comprehensive dependency security analysis to identify vulnerable packages, outdated dependencies, and license compliance issues. Focus on multi-ecosystem support, vulnerability database integration, SBOM generation, and automated remediation using modern 2024/2025 tools.
Requirements
$ARGUMENTS
Instructions
- Clarify goals, constraints, and required inputs.
- Apply relevant best practices and validate outcomes.
- Provide actionable steps and verification.
- If detailed examples are required, open
resources/implementation-playbook.md.
Safety
- Avoid running auto-fix or upgrade steps without approval.
- Treat dependency changes as release-impacting and test accordingly.
Resources
resources/implementation-playbook.mdfor detailed patterns and examples.
Related Skills
alexander-kastil/loki-mode
tools
VerifiedTrustedCommunity
Multi-agent autonomous startup system for Claude Code. Triggers on "Loki Mode". Orchestrates 100+ specialized agents across engineering, QA, DevOps, security, data/ML, business operations, marketing, HR, and customer success. Takes PRD to fully deployed, revenue-generating product with zero human intervention. Features Task tool for subagent dispatch, parallel code review with 3 specialized reviewers, severity-based issue triage, distributed task queue with dead letter handling, automatic deployment to cloud providers, A/B testing, customer feedback loops, incident response, circuit breakers, and self-healing. Handles rate limits via distributed state checkpoints and auto-resume with exponential backoff. Requires --dangerously-skip-permissions flag.
2SKILL.mdUpdated Apr 15, 2026
alexander-kastil/zustand-store-ts
development
VerifiedTrustedCommunity
Create Zustand stores with TypeScript, subscribeWithSelector middleware, and proper state/action separation. Use when building React state management, creating global stores, or implementing reactive state patterns with Zustand.
SKILL.mdUpdated Apr 2, 2026
alexander-kastil/zoom-automation
tools
VerifiedTrustedCommunity
Automate Zoom meeting creation, management, recordings, webinars, and participant tracking via Rube MCP (Composio). Always search tools first for current schemas.
SKILL.mdUpdated Apr 2, 2026
alexander-kastil/zoho-crm-automation
tools
VerifiedTrustedCommunity
Automate Zoho CRM tasks via Rube MCP (Composio): create/update records, search contacts, manage leads, and convert leads. Always search tools first for current schemas.
SKILL.mdUpdated Apr 2, 2026