Dependency Audit

This skill guides the AI in identifying and remediating vulnerabilities introduced through third-party dependencies, libraries, and build tools. This directly addresses A03:2025 – Software Supply Chain Failures.

Usage

Use this skill when you need to evaluate the security posture of your project's dependencies or CI/CD pipelines.

Example Triggers:

"Can you audit my package.json and help me fix the vulnerable dependencies?"
"Review my GitHub Actions workflow for supply chain risks."
"How do I update the outdated logging package that has a CVE?"

Workflow

Tool Execution Verification: Instruct the user to run context-appropriate auditing tools if they haven't already and provide the output.
- Node.js: npm audit or yarn audit
- Python: pip-audit or safety

Dependency Audit

Usage

Use this skill when you need to evaluate the security posture of your project's dependencies or CI/CD pipelines.

Example Triggers:

"Can you audit my package.json and help me fix the vulnerable dependencies?"
"Review my GitHub Actions workflow for supply chain risks."
"How do I update the outdated logging package that has a CVE?"

Workflow

Tool Execution Verification: Instruct the user to run context-appropriate auditing tools if they haven't already and provide the output.
- Node.js: npm audit or yarn audit
- Python: pip-audit or safety

Sec Dependency Audit

Dependency Audit

Usage

Workflow

Sec Dependency Audit

Dependency Audit

Usage

Workflow

Best Practices

Github

Openclaw Parallels Smoke

Update Screenshots

Azure Pipelines

Deployment Patterns

Deployment Patterns