guicaulada/review-deps
home/dot_claude/exact_skills/review-deps/SKILL.md
Reviews dependency bump PRs with focus on compatibility and security issues. Use when user mentions review deps, review dependencies, dependency review, check deps, dependency prs, dep bumps, review deps prs, batch dep review.
$ install --global
skillsauthnpx skillsauth add guicaulada/dotfiles review-depsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 7, 2026, 7:30 AM142.9s3 files scanned
SKILL.md
- name:
- review-deps
- description:
- Reviews dependency bump PRs with focus on compatibility and security issues. Use when user mentions review deps, review dependencies, dependency review, check deps, dependency prs, dep bumps, review deps prs, batch dep review.
- allowed-tools:
- Read, Bash(gh *), Bash(mktemp *), Bash(rm -rf /tmp/deps-review-*), Grep, Task, WebSearch
- argument-hint:
- [pr-number or url...]
Review Dependencies
Review automated dependency bump pull requests with focus on compatibility and security analysis. Identifies version changes, checks for CVEs, breaking changes, and migration requirements. Supports both single dependency PR review and batch review of multiple dependency PRs in parallel.
Risk Levels
| Level | Description |
|------------|---------------------------------------------------------------|
| critical | Known security vulnerability, must act immediately |
| high | Major version bump with breaking changes, or CI failing |
| medium | Major bump without obvious issues, or package health concerns |
| low | Patch/minor bump, CI passing, no advisories |
Review Verdicts
| Verdict | When to Use | |---------------------|------------------------------------------------------| | Approve | Patch/minor bump with no issues, or security fix | | Comment | Major bump needing further review, unclear impact | | Request changes | Known vulnerabilities, breaking changes, CI failures |
Workflows
Review Single Dependency PR
Trigger: "review deps", "review dependencies", "dependency review", "check deps", "dependency prs", "dep bumps"
Read and follow review.md.
Batch Review Dependency PRs
Trigger: "review deps prs", "batch dep review", "review dependency prs", "review all dep prs"
Read and follow batch.md.
Related Skills
guicaulada/triage
testing
VerifiedTrustedCommunity
Fetches GitHub issues, pull requests, reviews, notifications, and project board data for the user and optionally teammates, then analyzes their state and produces a prioritized work plan. Use when prioritizing work, triaging GitHub activity, planning what to work on next, assessing current workload, checking sprint status, or reviewing project board items. Supports teammate usernames and focus areas via arguments. Do NOT use for creating, modifying, or closing issues, PRs, or other GitHub resources.
1SKILL.mdUpdated May 7, 2026
guicaulada/summarize
testing
VerifiedTrustedCommunity
Transforms text into exhaustive structured bullet-point summaries for studying and test preparation. Use when user mentions summarize, create a summary, bullet point this, give me the key points, study notes, help me study, prepare for exam, create study guide, or make flashcard content.
1SKILL.mdUpdated May 7, 2026
guicaulada/review-pr
development
VerifiedTrustedCommunity
Reviews pull requests with detailed code analysis and feedback. Use when user mentions review pr, pr review, review pull request, check pr, analyze pr, code review, review prs, batch review. Not for dependency bump PRs (use /review-deps instead).
1SKILL.mdUpdated May 7, 2026
guicaulada/obsidian
tools
VerifiedTrustedCommunity
Interacts with the Obsidian CLI for vault management, note creation, search, and organization. Use when user mentions obsidian, vault, daily note, create a note, write a document, create markdown, search vault, find notes, organize notes, manage tags, manage properties, vault health, or tasks in obsidian. Handles note creation with templates, daily notes, full-text search, link and graph exploration, property management, task tracking, and vault maintenance. Do NOT use for general markdown editing unrelated to an Obsidian vault.
1SKILL.mdUpdated May 7, 2026