ReddRadar
Agent skill
sca-runner
Runs Software Composition Analysis (SCA) to detect vulnerable dependencies. Wraps npm audit and Trivy fs. Use when user asks to "scan dependencies", "check npm vulnerabilities", "SCA scan", "dependency audit", "依存関係スキャン", "脆弱性チェック".
Install this agent skill to your Project
npx add-skill https://github.com/majiayu000/claude-skill-registry/tree/main/skills/development/sca-runner-naporin0624-claude-web-audit-plu
SKILL.md
SCA Runner
Wrapper for npm audit and Trivy to perform Software Composition Analysis.
Prerequisites
At least one of these tools must be installed:
# npm audit (built into npm)
npm --version
# Trivy (recommended for multi-language support)
brew install trivy
# or
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
Usage
# Scan with auto-detection (prefers Trivy if available)
npx sca-runner .
# Force specific scanner
npx sca-runner . --scanner npm
npx sca-runner . --scanner trivy
# JSON output
npx sca-runner . --json
# Check available scanners
npx sca-runner --check
# Scan specific package file
npx sca-runner ./package-lock.json --scanner npm
Supported Package Managers
| Scanner | Languages/Files |
|---|---|
| npm audit | Node.js (package-lock.json) |
| Trivy | Node.js, Python, Go, Ruby, Rust, Java, .NET |
Output Format
{
"tool": "trivy",
"scanPath": ".",
"scanDate": "2024-01-15T10:30:00Z",
"findings": [
{
"id": "CVE-2024-1234",
"severity": "critical",
"package": "lodash",
"installedVersion": "4.17.20",
"fixedVersion": "4.17.21",
"title": "Prototype Pollution",
"description": "...",
"cvss": 9.8,
"cwes": ["CWE-1321"],
"references": ["https://nvd.nist.gov/..."]
}
],
"summary": {
"total": 5,
"critical": 1,
"high": 2,
"medium": 1,
"low": 1
}
}
Exit Codes
0: No vulnerabilities found1: Vulnerabilities detected2: Tool not installed or error
Common CVEs Detected
- Prototype Pollution (CWE-1321)
- Regular Expression DoS (CWE-1333)
- Path Traversal (CWE-22)
- Code Injection (CWE-94)
- Denial of Service (CWE-400)
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
majiayu000/claude-skill-registry
agent-ops-spec
Manage specification documents in .agent/specs/. Use when user provides requirements, acceptance criteria, or feature descriptions that need to be tracked and validated against implementation.
majiayu000/claude-skill-registry
agent-ops-state
Maintain .agent state files. Use at session start, after meaningful steps, and before concluding: read/update constitution/memory/focus/issues/baseline consistently.
majiayu000/claude-skill-registry
agent-ops-spec
Manage specification documents in .agent/specs/. Use when user provides requirements, acceptance criteria, or feature descriptions that need to be tracked and validated against implementation.
majiayu000/claude-skill-registry
agent-ops-testing
Test strategy, execution, and coverage analysis. Use when designing tests, running test suites, or analyzing test results beyond baseline checks.
majiayu000/claude-skill-registry
agent-ops-testing
Test strategy, execution, and coverage analysis. Use when designing tests, running test suites, or analyzing test results beyond baseline checks.
majiayu000/claude-skill-registry
agent-ops-state
Maintain .agent state files. Use at session start, after meaningful steps, and before concluding: read/update constitution/memory/focus/issues/baseline consistently.
Didn't find tool you were looking for?