Agent skill
dep-audit
Audit dependency security risks
Install this agent skill to your Project
npx add-skill https://github.com/sd0xdev/sd0x-dev-flow/tree/main/skills/dep-audit
SKILL.md
Dependency Audit
Trigger
- Keywords: dep audit, dependency audit, security audit dependencies, dep-audit
When NOT to Use
- OWASP code review (use /codex-security)
- Code review (use /codex-review-fast)
- General security review (use /codex-security)
Workflow Steps
| Step | Goal | Safety |
|---|---|---|
| audit | Scan dependencies for vulnerabilities | read-only |
Failure behavior: report-all
Task
Arguments
$ARGUMENTS
- --level <severity>: Minimum reporting level (low/moderate/high/critical), default: moderate
- --fix: Attempt automatic fix
Step 1: Check for audit script
Use Glob to check if .claude/scripts/dep-audit.sh exists in the project root.
- Found → run: bash .claude/scripts/dep-audit.sh $ARGUMENTS
  - If the script succeeds, use its output and skip to the Output section.
  - If the script fails, treat it as a real audit failure (do not silently fall back to Step 2).
- NOT found → skip to Step 2 (do NOT attempt to run the script).
Step 2: Fallback (no audit script)
Detect the project ecosystem and run the audit manually.
Ecosystem detection (check project root for manifest files):
| Manifest | Ecosystem | Audit Command | Fix Command |
|---|---|---|---|
| package.json + pnpm-lock.yaml | Node (pnpm) | pnpm audit --audit-level {LEVEL} | pnpm audit --fix |
| package.json + yarn.lock | Node (yarn) | yarn audit --level {LEVEL} | npx yarn-audit-fix (Yarn classic's yarn audit has no --fix flag) |
| package.json (no pnpm or yarn lockfile) | Node (npm) | npm audit --audit-level={LEVEL} | npm audit fix |
| pyproject.toml | Python | pip-audit or safety check | pip-audit --fix |
| Cargo.toml | Rust | cargo audit | cargo audit fix (requires cargo-audit installed with the fix feature) |
| go.mod | Go | govulncheck ./... | (manual fix) |
| build.gradle | Java | ./gradlew dependencyCheckAnalyze (OWASP Dependency-Check Gradle plugin) | (manual fix) |
Check the rows in order: a pnpm or yarn lockfile takes precedence over a bare package.json, so a pnpm or yarn project is never audited with npm against a lockfile npm did not produce.
Default {LEVEL} is moderate unless the --level argument is provided. Only the Node commands accept {LEVEL} directly; for the other ecosystems, apply the threshold when filtering findings for the report and the Gate.
If --fix is specified, run the fix command for the detected ecosystem after the audit. The fix commands rewrite lockfiles and manifests, so unlike the audit step they are not read-only.
If no recognized manifest file exists, report an error.
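As an added example (not the sd0x-dev-flow project's own `.claude/scripts/dep-audit.sh`), the POSIX shell script below implements the Step 2 fallback end to end: manifest detection with lockfile precedence, the per-ecosystem audit and fix commands with `{LEVEL}` substituted, and the PASS/FAIL gate from the Output section computed over a constructed `npm audit --json`-style report. The `count_sev` parser assumes the `metadata.vulnerabilities` block that npm 7+ and pnpm emit; the function names, the temporary demo project and the sample report are this example's own.

```shell
#!/usr/bin/env sh
# Added example, not the sd0x-dev-flow project's own script: a minimal
# dep-audit.sh covering Step 2 (manifest detection, {LEVEL} handling) and the
# Output gate. The JSON helper assumes the npm 7+/pnpm `audit --json` layout
# ("metadata": {"vulnerabilities": {...}}); the sample report is constructed.

# detect_ecosystem DIR -> prints pnpm|yarn|npm|python|rust|go|gradle.
# Lockfiles are checked before the bare package.json so a pnpm/yarn project
# is never audited with npm against a lockfile npm did not produce.
detect_ecosystem() {
  d="$1"
  if [ -f "$d/package.json" ]; then
    if [ -f "$d/pnpm-lock.yaml" ]; then echo pnpm; return 0; fi
    if [ -f "$d/yarn.lock" ]; then echo yarn; return 0; fi
    echo npm; return 0
  fi
  if [ -f "$d/pyproject.toml" ]; then echo python; return 0; fi
  if [ -f "$d/Cargo.toml" ]; then echo rust; return 0; fi
  if [ -f "$d/go.mod" ]; then echo go; return 0; fi
  if [ -f "$d/build.gradle" ]; then echo gradle; return 0; fi
  echo "dep-audit: no recognised manifest in $d" >&2
  return 1
}

# audit_cmd ECOSYSTEM LEVEL -> the read-only audit command. Only the Node
# tools take a severity threshold; the others report everything and the
# gate below applies the threshold to the counts instead.
audit_cmd() {
  case "$1" in
    pnpm)   echo "pnpm audit --audit-level $2" ;;
    yarn)   echo "yarn audit --level $2" ;;
    npm)    echo "npm audit --audit-level=$2" ;;
    python) echo "pip-audit" ;;
    rust)   echo "cargo audit" ;;
    go)     echo "govulncheck ./..." ;;
    gradle) echo "./gradlew dependencyCheckAnalyze" ;;
    *)      return 1 ;;
  esac
}

# fix_cmd ECOSYSTEM -> the --fix command, or exit 1 where the fix is manual.
fix_cmd() {
  case "$1" in
    pnpm)   echo "pnpm audit --fix" ;;
    yarn)   echo "npx yarn-audit-fix" ;;   # Yarn classic has no `yarn audit --fix`
    npm)    echo "npm audit fix" ;;
    python) echo "pip-audit --fix" ;;
    rust)   echo "cargo audit fix" ;;      # needs cargo-audit built with the fix feature
    *)      return 1 ;;                    # go, gradle: manual fix
  esac
}

# sev_rank NAME -> 1..4 so thresholds can be compared numerically.
sev_rank() {
  case "$1" in
    low) echo 1 ;; moderate) echo 2 ;; high) echo 3 ;; critical) echo 4 ;; *) echo 0 ;;
  esac
}

# count_sev JSON NAME -> integer for NAME in the metadata.vulnerabilities
# block, 0 when absent. Requires a digit after the colon so that a package
# entry such as "lodash": {...} or "severity": "high" never matches.
count_sev() {
  n=$(printf '%s\n' "$1" | sed -n "s/.*\"$2\": *\([0-9][0-9]*\).*/\1/p" | head -n 1)
  echo "${n:-0}"
}

# gate LEVEL JSON -> prints PASS or FAIL and returns 1 on FAIL. Everything at
# or above LEVEL counts against the gate; lower findings are still reported.
gate() {
  min=$(sev_rank "$1")
  failing=0
  for sev in low moderate high critical; do
    if [ "$(sev_rank "$sev")" -ge "$min" ]; then
      failing=$((failing + $(count_sev "$2" "$sev")))
    fi
  done
  if [ "$failing" -gt 0 ]; then
    echo "FAIL: $failing finding(s) at or above $1"
    return 1
  fi
  echo "PASS: no findings at or above $1"
}

# Constructed sample in the npm 7+ / pnpm `audit --json` shape.
SAMPLE_REPORT='{"auditReportVersion":2,"vulnerabilities":{"lodash":{"name":"lodash","severity":"high"}},"metadata":{"vulnerabilities":{"info":0,"low":2,"moderate":1,"high":1,"critical":0,"total":4}}}'

# Demo against a throwaway pnpm project and the constructed report.
demo() {
  tmp=$(mktemp -d)
  : > "$tmp/package.json"
  : > "$tmp/pnpm-lock.yaml"
  eco=$(detect_ecosystem "$tmp")
  echo "ecosystem: $eco"
  echo "audit:     $(audit_cmd "$eco" high)"
  echo "fix:       $(fix_cmd "$eco")"
  gate high "$SAMPLE_REPORT" || true   # FAIL: 1 finding(s) at or above high
  gate critical "$SAMPLE_REPORT"       # PASS: no findings at or above critical
  rm -rf "$tmp"
}
demo
```

The gate deliberately sums only the severities at or above the requested level, which is what makes `--level high` pass a project whose only findings are moderate while the same report fails at the default moderate threshold.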
Output
## Audit Results
| Severity | Count |
|----------|-------|
| Critical | 0 |
| High | 0 |
| Moderate | 0 |
| Low | 0 |
## Vulnerability Details
### [severity] Issue Title
- **Package**: package-name
- **Fix**: Available / Not available
## Gate
✅ **PASS**: No vulnerabilities at or above the --level threshold (moderate by default)
❌ **FAIL**: One or more vulnerabilities at or above the --level threshold
Examples
/dep-audit (report moderate and above)
/dep-audit --level high (report only high and critical)
/dep-audit --fix (audit at moderate, then run the ecosystem's fix command)