Does this skill require access to my website's source code?

No, this skill performs a passive scan of publicly accessible client-side information and HTTP headers, requiring only a URL to function.

What platforms and libraries can this skill detect?

It identifies major UI frameworks (React, Vue, Angular), CMS platforms (WordPress, Drupal, Sitecore, Umbraco), and common utility libraries like jQuery and Bootstrap.

Can I scan password-protected or authenticated areas of a site?

Currently, the scan is limited to publicly accessible information and cannot bypass authentication or assess server-side business logic flaws.

Why does it use WebFetch instead of browser automation tools?

WebFetch captures raw HTTP response headers, which is essential for auditing security configurations like Content-Security-Policy that browser automation tools often omit.

How does this differ from the standard security-audit skill?

While 'security-audit' analyzes local source code for vulnerabilities, 'security-scan-dependencies' analyzes live, deployed websites from an external perspective.

Web Dependency Security Scanner

Name: Web Dependency Security Scanner
Author: charlesjones-dev

bycharlesjones-dev

•

보안 및 테스팅

Scans deployed websites to identify outdated frontend libraries, CMS vulnerabilities, and missing security headers without requiring source code access.

This skill enables Claude to perform comprehensive security audits of live web applications by analyzing publicly accessible client-side information. It automatically detects frontend frameworks, Content Management Systems (CMS), and HTTP security configurations to identify known CVEs and misconfigurations. By utilizing raw HTTP requests rather than browser automation, it ensures accurate capture of critical security headers like CSP and HSTS, providing developers and security researchers with a prioritized risk mitigation roadmap and detailed vulnerability reports.

주요 기능

0129 GitHub stars

02Comprehensive HTTP security header audit (CSP, HSTS, X-Frame-Options)

03Detailed Markdown report generation with a prioritized security roadmap

04Interactive target URL and scan scope configuration

05Vulnerability identification with CVSS scoring and remediation guidance

06Automated detection of 50+ frontend libraries and major CMS platforms

사용 사례

01Auditing live production environments for outdated client-side dependencies

02Validating HTTP security header implementations across web properties

03Performing third-party website security assessments and vendor due diligence

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add charlesjones-dev/claude-code-plugins-dev security-scan-dependencies

For use in Claude.ai and ChatGPT

Download Skill