Which programming languages does the CVE Audit skill support?

The skill currently supports Node.js (npm), Python (pip), Ruby (Bundler), Go (Go Modules), and Java (Maven) by parsing their respective manifest files.

Can I use this skill in my CI/CD pipeline?

Yes, it is designed for automation with specific exit codes (1 if vulnerabilities are found) and a --json flag for structured data processing.

Where does the vulnerability data come from?

The skill queries the OpenCVE database and references the official CVE database and CVSS scoring guides for accuracy.

How often is the CVE data updated?

Results are cached for 24 hours to improve performance, but you can use the --no-cache flag to bypass the cache and fetch the most recent data.

Does it check transitive dependencies?

No, this skill currently focuses on scanning direct dependencies listed in your source manifest files like package.json or requirements.txt.

CVE Dependency Audit

Name: CVE Dependency Audit
Author: Mearman

byMearman

•

보안 및 테스팅

Scans project dependencies across multiple programming languages to identify and report known security vulnerabilities and CVEs.

CVE Dependency Audit is a comprehensive security tool for Claude Code that automatically detects and analyzes dependency manifest files—including package.json, requirements.txt, and go.mod—to identify known Common Vulnerabilities and Exposures (CVEs). It provides developers with actionable security intelligence, including CVSS scores and severity levels, allowing for proactive vulnerability management within the development environment. Whether performing a routine health check or a pre-deployment security review, this skill streamlines the process of ensuring software supply chain security across Node.js, Python, Ruby, Go, and Java ecosystems.

주요 기능

01Multi-language support for Node.js, Python, Ruby, Go, and Maven

02Machine-readable JSON output for CI/CD integration and compliance

032 GitHub stars

04Detailed vulnerability reporting with CVSS scores and severity levels

05Automatic detection and parsing of dependency manifest files

06Configurable filtering by severity from Critical to Low

사용 사례

01Conducting pre-deployment security audits to prevent shipping vulnerabilities to production

02Performing regular dependency health checks to identify newly discovered CVEs in existing projects

03Generating automated compliance reports for security reviews and organizational audits

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mearman/marketplace cve-audit

For use in Claude.ai and ChatGPT

Download Skill