Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

takazudo/dependabot-resolve

Name: dependabot-resolve
Author: takazudo

skills/dependabot-resolve/SKILL.md

npx skillsauth add takazudo/claude-resources dependabot-resolve

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Dependabot Resolution Workflow

Execute a comprehensive dependency update workflow:

Step 1: Analyze Dependabot Issues

Use gh issue list --label "dependencies" --state open --json number,title,url,body to list all open Dependabot issues
For each issue, carefully analyze:
- What dependency is being updated
- What version change is proposed (patch/minor/major)
- Any breaking changes mentioned
- Security vulnerabilities fixed
Determine which updates should be applied based on:
- Security fixes (high priority)
- Patch updates (generally safe)
- Minor updates (review carefully)
- Major updates (review very carefully for breaking changes)

Step 2: Run Security Audit

Run pnpm audit to check for security vulnerabilities
Identify any critical or high-severity issues
Note any recommended updates from the audit

Step 3: Create Update Branch

If there are updates to apply:

Get current date in MMDD format (e.g., "1220" for December 20th)
Get the current branch name to use as base
Create new branch: deps-update-MMDD from the current branch
Switch to the new branch

Step 4: Apply Updates

For each dependency to update:
- Use pnpm update <package-name> or pnpm add <package-name>@<version> as appropriate
- If it's a major version update, check for breaking changes in the changelog first
After all updates, run pnpm install to ensure lockfile is updated

Step 4.5: Handle Related Updates (Package + Infrastructure Sync)

Some packages require coordinated updates across multiple files. Check for these patterns:

Playwright Package + Docker Image

When updating @playwright/test or playwright in package.json:

Check current versions:

package.json: Look for @playwright/test and playwright versions
.github/workflows/*.yml: Search for mcr.microsoft.com/playwright:v Docker image tags

Update Docker image tag to match the npm package version:

# In workflow files using Playwright Docker container
container:
  image: mcr.microsoft.com/playwright:v<NEW_VERSION>-noble

Verify image exists at https://mcr.microsoft.com/v2/playwright/tags/list or check Microsoft's Playwright Docker documentation
Example: If updating @playwright/test from 1.57.0 to 1.58.0:

Update package.json: "@playwright/test": "^1.58.0"
Update workflow: image: mcr.microsoft.com/playwright:v1.58.0-noble

Other Common Pairs to Watch

TypeScript + @types packages: May need coordinated updates
ESLint + plugins: Plugin versions often need to match ESLint major version
Next.js + related packages: next, eslint-config-next, etc.

Step 5: Quality Checks

Run all quality checks in sequence:

Type checking: pnpm typecheck
Linting: pnpm lint (or pnpm lint:fix if auto-fixable)
Formatting: pnpm format (or pnpm format:fix if needed)
Unit tests: pnpm test:unit
Build: pnpm build (to ensure the project builds successfully)
E2E tests: pnpm test:e2e:critical or pnpm test:e2e:full-prod for comprehensive testing

Step 6: Review Results

If all checks pass:
- Proceed to Step 7
If any checks fail:
- Investigate the failure
- Determine if it's a breaking change or test needs updating
- Fix issues or revert problematic updates
- Re-run quality checks

Step 7: Push and Create PR

Once all checks pass:

Stage all changes: git add .
Commit with descriptive message: git commit -m "chore: Update dependencies (MMDD)"
Push to remote: git push -u origin deps-update-MMDD
Create PR using gh pr create with:
- Title: "chore: Update dependencies (MMDD)"
- Body including:
  - List of updated packages and versions
  - Summary of security fixes (if any)
  - Links to Dependabot issues being resolved using list format:
```
- 関連Issue
    - https://github.com/<owner>/<repo>/issues/<issue-1>
    - https://github.com/<owner>/<repo>/issues/<issue-2>
```
  - Note that all quality checks passed
- Use full URLs (not #<number>) so GitHub auto-expands them to show issue titles

Important Notes

Never auto-merge - always create PR for manual review
For major version updates, mention breaking changes in PR description
If updating critical dependencies (Gatsby, React, etc.), note that extra testing may be needed
Close related Dependabot issues after PR is merged
Follow the project's dependency management guidelines from CLAUDE.md

Safety Checks

Never use --force flags
Always run full test suite before pushing
Check for deprecation warnings during build
Verify the build output works correctly (pnpm serve and manual testing if needed)

takazudo/dependabot-resolve

skills/dependabot-resolve/SKILL.md

Comprehensive dependency update workflow for resolving Dependabot alerts and PRs. Use when: (1) User wants to update dependencies, (2) User mentions 'dependabot', 'security vulnerabilities', or 'dependency updates', (3) User asks to run security audit, (4) User wants to create a deps-update PR. Analyzes Dependabot issues, runs pnpm audit, applies updates, runs quality checks (typecheck, lint, test, build), handles Playwright Docker image sync, creates PR with changelog.

8 stars

development

Updated May 8, 2026

$ install --global

skillsauth

npx skillsauth add takazudo/claude-resources dependabot-resolve

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: May 8, 2026, 4:25 AM152.7s1 file scanned

SKILL.md

name:: dependabot-resolve
description:: Comprehensive dependency update workflow for resolving Dependabot alerts and PRs. Use when: (1) User wants to update dependencies, (2) User mentions 'dependabot', 'security vulnerabilities', or 'dependency updates', (3) User asks to run security audit, (4) User wants to create a deps-update PR. Analyzes Dependabot issues, runs pnpm audit, applies updates, runs quality checks (typecheck, lint, test, build), handles Playwright Docker image sync, creates PR with changelog.

Dependabot Resolution Workflow

Execute a comprehensive dependency update workflow:

Step 1: Analyze Dependabot Issues

Use gh issue list --label "dependencies" --state open --json number,title,url,body to list all open Dependabot issues
For each issue, carefully analyze:
- What dependency is being updated
- What version change is proposed (patch/minor/major)
- Any breaking changes mentioned
- Security vulnerabilities fixed
Determine which updates should be applied based on:
- Security fixes (high priority)
- Patch updates (generally safe)
- Minor updates (review carefully)
- Major updates (review very carefully for breaking changes)

Step 2: Run Security Audit

Run pnpm audit to check for security vulnerabilities
Identify any critical or high-severity issues
Note any recommended updates from the audit

Step 3: Create Update Branch

If there are updates to apply:

Get current date in MMDD format (e.g., "1220" for December 20th)
Get the current branch name to use as base
Create new branch: deps-update-MMDD from the current branch
Switch to the new branch

Step 4: Apply Updates

For each dependency to update:
- Use pnpm update <package-name> or pnpm add <package-name>@<version> as appropriate
- If it's a major version update, check for breaking changes in the changelog first
After all updates, run pnpm install to ensure lockfile is updated

Step 4.5: Handle Related Updates (Package + Infrastructure Sync)

Some packages require coordinated updates across multiple files. Check for these patterns:

Playwright Package + Docker Image

When updating @playwright/test or playwright in package.json:

Check current versions:

package.json: Look for @playwright/test and playwright versions
.github/workflows/*.yml: Search for mcr.microsoft.com/playwright:v Docker image tags

Update Docker image tag to match the npm package version:

# In workflow files using Playwright Docker container
container:
  image: mcr.microsoft.com/playwright:v<NEW_VERSION>-noble

Verify image exists at https://mcr.microsoft.com/v2/playwright/tags/list or check Microsoft's Playwright Docker documentation
Example: If updating @playwright/test from 1.57.0 to 1.58.0:

Update package.json: "@playwright/test": "^1.58.0"
Update workflow: image: mcr.microsoft.com/playwright:v1.58.0-noble

Other Common Pairs to Watch

TypeScript + @types packages: May need coordinated updates
ESLint + plugins: Plugin versions often need to match ESLint major version
Next.js + related packages: next, eslint-config-next, etc.

Step 5: Quality Checks

Run all quality checks in sequence:

Type checking: pnpm typecheck
Linting: pnpm lint (or pnpm lint:fix if auto-fixable)
Formatting: pnpm format (or pnpm format:fix if needed)
Unit tests: pnpm test:unit
Build: pnpm build (to ensure the project builds successfully)
E2E tests: pnpm test:e2e:critical or pnpm test:e2e:full-prod for comprehensive testing

Step 6: Review Results

If all checks pass:
- Proceed to Step 7
If any checks fail:
- Investigate the failure
- Determine if it's a breaking change or test needs updating
- Fix issues or revert problematic updates
- Re-run quality checks

Step 7: Push and Create PR

Once all checks pass:

Stage all changes: git add .
Commit with descriptive message: git commit -m "chore: Update dependencies (MMDD)"
Push to remote: git push -u origin deps-update-MMDD
Create PR using gh pr create with:
- Title: "chore: Update dependencies (MMDD)"
- Body including:
  - List of updated packages and versions
  - Summary of security fixes (if any)
  - Links to Dependabot issues being resolved using list format:
```
- 関連Issue
    - https://github.com/<owner>/<repo>/issues/<issue-1>
    - https://github.com/<owner>/<repo>/issues/<issue-2>
```
  - Note that all quality checks passed
- Use full URLs (not #<number>) so GitHub auto-expands them to show issue titles

Important Notes

Never auto-merge - always create PR for manual review
For major version updates, mention breaking changes in PR description
If updating critical dependencies (Gatsby, React, etc.), note that extra testing may be needed
Close related Dependabot issues after PR is merged
Follow the project's dependency management guidelines from CLAUDE.md

Safety Checks

Never use --force flags
Always run full test suite before pushing
Check for deprecation warnings during build
Verify the build output works correctly (pnpm serve and manual testing if needed)

Related Skills

takazudo/dev-linkify-cc-resources

development

VerifiedTrustedCommunity

Link Claude Code skill names mentioned in a CodeGrid article (data/{series}/{n}.md) to the author's public claude-resources repo, pinned to the latest commit hash so links don't rot. Use when: (1) user says 'linkify cc resources', 'link the skills', 'link skill names', or invokes /dev-linkify-cc-resources; (2) editing a CodeGrid article that mentions `/commits`, `/pr-complete`, `/skill-creator` or other Claude Code skills and they should point to claude-resources. Only links skills that actually exist in the public repo; skips hypothetical examples and code blocks.

10SKILL.mdUpdated Jun 2, 2026

takazudo/dev-linkify-cc-resources

takazudo/opus-2nd

development

VerifiedTrustedCommunity

Second opinion from Claude Opus on a plan or approach. Use when: (1) Planning phase of /big-plan needs a higher-quality review than /codex-2nd / /gco-2nd / /gcoc-2nd, (2) User says 'opus 2nd' or 'opus opinion', (3) Wanting Anthropic's larger model to critique a plan. Spawns a general-purpose Agent with model: opus that reads the plan file and returns structured feedback. Anthropic quota — not free.

10SKILL.mdUpdated May 29, 2026

takazudo/dev-ai-based-test

tools

VerifiedTrustedCommunity

AI-based testing via subagent + a per-task test-flow skill. Use when the user wants to verify something that mechanical assertions can't fully capture — image recognition, visual size/position comparison, animation smoothness, multi-step manual flows that need AI judgment. Triggers: 'AI-based test', 'AI test', 'visual verify', 'image recognition test', 'manual operation test', 'human-eye check', 'verify visually', 'compare screenshots', 'looks the same', 'looks correct'. The skill's job is to (1) author a focused test-flow skill that captures the exact procedure + verdict criteria, then (2) dispatch a verification subagent via the Agent tool that loads BOTH the test-flow skill AND a browser-driving skill (/verify-ui primary, /headless-browser fallback) so the subagent has clear context and consistent verdicts. NEVER uses `claude -p` — subagent dispatch goes through the Agent tool exclusively.

10SKILL.mdUpdated May 29, 2026

takazudo/dev-ai-based-test

takazudo/cleanup-resources

development

VerifiedTrustedCommunity

End-of-workflow audit of touched GitHub issues, PRs, and branches via a Sonnet subagent. Use when: (1) /big-plan, /x-as-pr, or /x-wt-teams finishes its main work and needs to verify every touched resource is in the right state (closed when done, kept when ongoing, deleted when dead), (2) User says 'cleanup resources', 'audit cleanup', or 'check what should be closed', (3) A long workflow ends and the manager wants a structured paper trail of what it closed/kept/deleted. Auto-execute by default — the Sonnet agent proposes, the manager (you) executes safe actions and prints a final report.

10SKILL.mdUpdated May 29, 2026

takazudo/cleanup-resources

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/takazudo/claude-resources.git

# Copy into Claude Code skills folder (global)
cp -r claude-resources/skills/dependabot-resolve ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

takazudo/claude-resources

8 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT