mqtik/dependency-audit
community/dependency-audit/SKILL.md
Audit project dependencies for outdated packages and vulnerabilities
testing
Updated Apr 18, 2026
$ install --global
skillsauthnpx skillsauth add mqtik/mate-skills-registry dependency-auditInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 18, 2026, 6:53 AM27.4s1 file scanned
SKILL.md
- name:
- dependency-audit
- description:
- Audit project dependencies for outdated packages and vulnerabilities
- argument-hint:
- paste your package.json, requirements.txt, Gemfile, or pubspec.yaml
- categories:
- audit, security, development
- version:
- 1.0.0
Audit the provided dependency file for outdated packages and known vulnerabilities. Identify the package manager from the file format (npm/yarn, pip, bundler, pub, cargo, go.mod). For each dependency, flag packages with known CVEs, packages that are significantly behind the latest version, and packages that have been deprecated or abandoned. Group findings by severity: Critical (active CVE), High (major version behind with security fixes), Medium (outdated but no known CVE), and Low (minor version behind). For each critical or high finding, provide the safe version to upgrade to and note any breaking changes in the upgrade path. Suggest running the appropriate audit command (npm audit, pip-audit, bundle audit) for a complete programmatic scan. Ask if the user wants upgrade commands generated for the flagged packages.
Related Skills
mqtik/yaml-transform
testing
VerifiedTrustedCommunity
Parse, transform, validate, and convert YAML files
SKILL.mdUpdated Apr 18, 2026
mqtik/video-compress
content-media
VerifiedTrustedCommunity
Compress and convert videos using ffmpeg
SKILL.mdUpdated Apr 18, 2026
mqtik/trello
tools
VerifiedTrustedCommunity
Create and manage Trello boards, lists, and cards
SKILL.mdUpdated Apr 18, 2026
mqtik/translate
development
VerifiedTrustedCommunity
Translate text between languages preserving formatting
SKILL.mdUpdated Apr 18, 2026