Agent skill
deps-audit
Audits project dependencies for vulnerabilities, outdated packages, and license issues. Use when checking dependency health, running security audits, or reviewing package versions. Covers native audit tools, version freshness, and license compliance.
Install this agent skill to your Project
npx add-skill https://github.com/philoserf/claude-code-setup/tree/main/skills/deps-audit
SKILL.md
Audit this project's dependencies. If $ARGUMENTS are provided, scope the audit accordingly (e.g., a specific package, dimension, or ecosystem).
1. Detect ecosystem
Identify which package managers are present and their lock files.
| Manifest | Ecosystem | Audit Tool | Outdated Tool |
|---|---|---|---|
| package.json | Node.js | `npm audit` | `npm outdated` |
| pyproject.toml / requirements.txt | Python | `pip-audit` | `pip list -o` |
| go.mod | Go | `govulncheck` | `go list -m -u` |
| Cargo.toml | Rust | `cargo audit` | `cargo outdated` |
| Gemfile | Ruby | `bundle-audit` | `bundle outdated` |
| composer.json | PHP | `composer audit` | `composer outdated` |
2. Three-dimension audit
Run each check using the ecosystem's native tooling:
- Vulnerabilities — run the native audit tool (see table above); classify findings by severity (critical / high / medium / low). If a tool isn't installed, note it in the report and skip that dimension rather than failing.
- Outdated — check for outdated dependencies; flag major version bumps separately from minor/patch; note packages more than 6 months behind latest
- Licenses — identify dependency licenses; flag copyleft (GPL, AGPL) and unknown licenses against the project's own license
3. Output format
Produce a structured report with:
- Summary — ecosystem, total deps, issue counts by severity
- Vulnerabilities table — package, severity, CVE, fix version
- Outdated table — package, current version, latest version, bump type
- License issues — package, license, concern
- Prioritized remediation steps — ordered by severity then effort
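One way to script steps 1 and 2, as an added example that is not part of the skill itself: it maps manifests to the tools in the table, marks a dimension as skipped when its tool is missing, and separates major bumps from minor/patch. The names `detect`, `plan` and `bump_type` are hypothetical, and probing cargo subcommands as `cargo-audit` / `cargo-outdated` binaries on PATH is an assumption about how they were installed.

```python
import shutil
from pathlib import Path

# Manifest -> (ecosystem, audit command, outdated command), from the step 1 table.
TOOLS = {
    "package.json": ("Node.js", "npm audit", "npm outdated"),
    "pyproject.toml": ("Python", "pip-audit", "pip list -o"),
    "requirements.txt": ("Python", "pip-audit", "pip list -o"),
    "go.mod": ("Go", "govulncheck", "go list -m -u"),
    "Cargo.toml": ("Rust", "cargo audit", "cargo outdated"),
    "Gemfile": ("Ruby", "bundle-audit", "bundle outdated"),
    "composer.json": ("PHP", "composer audit", "composer outdated"),
}

def detect(root):
    """Return {ecosystem: (audit_cmd, outdated_cmd)} for manifests present in root."""
    found = {}
    for manifest, (eco, audit, outdated) in TOOLS.items():
        if (Path(root) / manifest).is_file():
            found.setdefault(eco, (audit, outdated))
    return found

def plan(root, which=shutil.which):
    """Step 2 rule: a missing tool is noted and that dimension skipped, not a failure."""
    rows = []
    for eco, cmds in detect(root).items():
        for dimension, cmd in zip(("vulnerabilities", "outdated"), cmds):
            # Assumption: cargo subcommands ship as separate cargo-<name> binaries,
            # so finding "cargo" alone does not prove "cargo audit" will work.
            binary = cmd.replace(" ", "-") if cmd.startswith("cargo ") else cmd.split()[0]
            status = "run" if which(binary) else "skipped: tool not installed"
            rows.append((eco, dimension, cmd, status))
    return rows

def bump_type(current, latest):
    """Classify an upgrade as major, minor, patch or none (plain X.Y.Z versions only)."""
    cur = ([int(p) for p in current.split(".")] + [0, 0])[:3]
    new = ([int(p) for p in latest.split(".")] + [0, 0])[:3]
    for label, c, n in zip(("major", "minor", "patch"), cur, new):
        if n != c:
            return label
    return "none"

if __name__ == "__main__":
    for row in plan("."):  # audit plan for the current directory
        print(*row, sep=" | ")
```

Pre-release or non-numeric version strings are outside what `bump_type` handles; a real report should take the bump type from the ecosystem's own outdated tool where it provides one.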