How does the skill help with remediation?

Beyond just finding vulnerabilities, the skill analyzes the exploitability of each finding and provides specific guidance on how to update or patch the affected packages.

Does this scan run on my local machine?

Yes, the skill operates within your local environment, using the Wraith binary to scan your project files and storing results in a local directory.

Is this tool suitable for enterprise security audits?

Absolutely. It is built for AppSec workflows, providing structured findings with severity levels and detailed summaries suitable for professional security reviews.

What lockfiles does Ghost Scan Deps support?

The skill supports a wide range of popular dependency managers, including npm (package-lock.json), Yarn (yarn.lock), Go (go.sum/go.mod), and Ruby (Gemfile.lock).

Ghost Dependency Security Scanner

Name: Ghost Dependency Security Scanner
Author: ghostsecurity

byghostsecurity

•

357

•

Seguridad y Pruebas

Scans software dependency lockfiles to identify known vulnerabilities and provides detailed remediation guidance.

The Ghost Dependency Security Scanner is a specialized Software Composition Analysis (SCA) tool designed for Claude Code. It automates the detection of security risks in third-party libraries by scanning lockfiles such as package-lock.json, yarn.lock, go.sum, and Gemfile.lock. By orchestrating the Wraith scanner and specialized subagents, it identifies CVEs, assesses their exploitability, and generates comprehensive security audit reports. This skill is essential for developers who need to maintain secure dependencies and automate security reviews within their AI-driven development workflow.

Características Principales

01Automated discovery of JS, Go, and Ruby dependency lockfiles

02Deep vulnerability scanning using the Wraith security engine

03Standardized report generation with severity levels and fix guidance

04357 GitHub stars

05Exploitability analysis to prioritize high-risk security findings

06Orchestrated multi-agent workflow for setup, scanning, and summarization

Casos de Uso

01Checking for specific CVEs in project dependencies before deployment

02Performing a security audit on a new or existing codebase

03Automating the identification of vulnerable packages during development

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add ghostsecurity/skills scan-deps

For use in Claude.ai and ChatGPT

Download Skill