Which programming languages does this skill support?

It currently supports JavaScript/TypeScript (package.json), Python (requirements.txt), Go (go.mod), and Ruby (Gemfile).

How does it identify vulnerabilities?

The skill parses your dependency manifests and compares the package versions against known vulnerability databases and CVE feeds.

Does it provide specific upgrade recommendations?

Yes, for every flagged package, it suggests a pinned safe version or a recommended upgrade path to resolve the vulnerability.

Does it check for outdated packages that aren't vulnerable?

Yes, it flags packages that are more than two major versions behind the latest stable release to ensure long-term maintainability.

What type of severity levels does it flag?

It focuses primarily on Critical and High severity CVEs to help you prioritize the most urgent security risks.

Dependency Security Check

Name: Dependency Security Check
Author: LieBieS

byLieBieS

•

Security & Testing

Audits project dependencies for known vulnerabilities and suggests secure upgrade paths to mitigate security risks.

The Dependency Security Check skill automates the process of securing your software supply chain by monitoring manifest files like package.json, requirements.txt, go.mod, and Gemfile. It cross-references project dependencies against global CVE databases to identify Critical or High-severity vulnerabilities and flags components that have fallen significantly behind stable releases. By providing actionable remediation steps, pinned safe versions, and alignment with OWASP A06:2021 standards, this skill empowers developers to maintain a robust and secure codebase directly within their AI-assisted development workflow.

Key Features

01Real-time identification of Critical and High-severity CVEs

02Detection of outdated components trailing by two or more major versions

03Alignment with OWASP A06:2021 vulnerability standards

041 GitHub stars

05Actionable remediation reports with specific version upgrade paths

06Automatic scanning of JS, Python, Go, and Ruby dependency manifests

Use Cases

01Generating compliance reports for software supply chain security reviews

02Performing an immediate security audit when onboarding a new or legacy repository

03Automatically validating new package additions for vulnerabilities during development

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add liebies/newt dependency-security-check

For use in Claude.ai and ChatGPT

Key Features

01Real-time identification of Critical and High-severity CVEs

02Detection of outdated components trailing by two or more major versions

03Alignment with OWASP A06:2021 vulnerability standards

041 GitHub stars

05Actionable remediation reports with specific version upgrade paths

06Automatic scanning of JS, Python, Go, and Ruby dependency manifests

Use Cases

01Generating compliance reports for software supply chain security reviews

02Performing an immediate security audit when onboarding a new or legacy repository

03Automatically validating new package additions for vulnerabilities during development

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add liebies/newt dependency-security-check

For use in Claude.ai and ChatGPT