
Dependency Supply Chain Audit

Review manifests and lockfiles for vulnerable, suspicious, or overpowered dependencies and recommend mitigations.

dependencies, sca, cve, supply-chain

Install this skill

Install (Codex)

./bin/skills-hub install security/[email protected] --runtime codex

Install (Claude)

./bin/skills-hub install security/[email protected] --runtime claude

Install (Generic)

./bin/skills-hub install security/[email protected] --runtime generic --target ./my-agent/skills

Operational Summary

Use when: manifests and lockfiles need vulnerability, provenance, and package risk review before trust is granted.

Execution mode: may-run-local-verification

Approval boundary: May run local scanners and review package risk; require human approval before removing dependencies or changing production lockfiles.

Status

Readiness: Experimental

Security reviewed: no

Lifecycle: Active

Runtime & Dependencies

ID: security/dependency-supply-chain-audit

Runtimes: codex, claude, generic

Tool dependencies: 2

API dependencies: 0

Dependencies

Tools: trivy, osv-scanner

APIs: Not documented

Outputs

  • Dependency findings
  • Risk ranking
  • Mitigation recommendations