Can this skill identify specific CMS versions?

Yes, it analyzes meta tags, header patterns, and characteristic file paths to identify versions for platforms like WordPress, Drupal, and enterprise .NET systems like Sitecore.

Why does this skill require WebFetch instead of browser tools?

Raw HTTP security headers (like HSTS and CSP) are only accessible via raw HTTP responses; browser automation tools like Playwright cannot reliably access these critical security indicators.

How does it check for the latest library versions?

It integrates with the Context7 MCP to resolve library IDs and fetch the most recent documentation and version information for comparison.

Does it provide remediation advice for security findings?

Yes, the skill provides prioritized fix timelines and specific remediation steps based on CVSS v3.1 severity levels.

Can I use this without access to the website's source code?

Absolutely. This skill is specifically designed for 'black-box' analysis of deployed websites using publicly available HTTP data and client-side artifacts.

Security Dependency Scanner

Name: Security Dependency Scanner
Author: charlesjones-dev

bycharlesjones-dev

•

Security & Testing

Automates comprehensive security audits of web dependencies and HTTP headers to identify vulnerabilities and misconfigurations.

About

This skill empowers Claude to perform deep security analysis on live websites by identifying outdated frontend libraries, detecting Content Management System (CMS) versions, and auditing critical HTTP security headers like CSP and HSTS. It utilizes specialized tools like WebFetch to extract raw HTTP data and cross-references versions against known CVE databases via Context7, providing a prioritized risk assessment with CVSS scores. This is ideal for security engineers, developers conducting technical due diligence, or anyone auditing supply chain risks in web applications without requiring source code access.

Key Features

Audits critical HTTP security headers including CSP, HSTS, and X-Frame-Options.
Integrates with Context7 for real-time version verification and security documentation.
Detects CMS platforms like WordPress, Drupal, Umbraco, and Sitecore using path and cookie analysis.
9 GitHub stars
Identifies frontend libraries including React, Vue, jQuery, and Bootstrap via CDN patterns.
Maps findings to known CVEs with CVSS v3.1 severity scoring and remediation guidance.

Use Cases

Conducting pre-acquisition technical due diligence on third-party web properties.
Analyzing supply chain risks by identifying vulnerable client-side dependencies.
Performing automated security surface area audits for deployed production websites.

About

Key Features

Audits critical HTTP security headers including CSP, HSTS, and X-Frame-Options.
Integrates with Context7 for real-time version verification and security documentation.
Detects CMS platforms like WordPress, Drupal, Umbraco, and Sitecore using path and cookie analysis.
9 GitHub stars
Identifies frontend libraries including React, Vue, jQuery, and Bootstrap via CDN patterns.
Maps findings to known CVEs with CVSS v3.1 severity scoring and remediation guidance.

Use Cases

Conducting pre-acquisition technical due diligence on third-party web properties.
Analyzing supply chain risks by identifying vulnerable client-side dependencies.
Performing automated security surface area audits for deployed production websites.