← Back to Skills

Dependency Vulnerability Checker

🌐Community
by jeremylongshore Β· vlatest Β· Repository

This tool automatically scans project dependencies for known vulnerabilities, proactively safeguarding your code from security risks and ensuring a safer application.

Install on your platform

We auto-selected Claude Code based on this skill’s supported platforms.

1

Run in terminal (recommended)

terminal
claude mcp add dependency-vulnerability-checker npx -- -y @trustedskills/dependency-vulnerability-checker
2

Or manually add to ~/.claude/settings.json

~/.claude/settings.json
{
  "mcpServers": {
    "dependency-vulnerability-checker": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/dependency-vulnerability-checker"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

What it does

This skill identifies and reports on potential security vulnerabilities in project dependencies. It analyzes a codebase or package manifest (like package.json or requirements.txt) to pinpoint outdated libraries with known vulnerabilities, providing actionable information for remediation. The tool helps ensure software projects maintain a secure posture by proactively addressing dependency-related risks.

When to use it

  • Before deploying code: Scan your project's dependencies before releasing new versions to catch potential security issues early.
  • During code reviews: Integrate into the review process to assess the security of newly added or updated dependencies.
  • Automated builds: Incorporate vulnerability scanning as part of a continuous integration/continuous delivery (CI/CD) pipeline.
  • Security audits: Perform periodic scans of existing projects to identify and address any emerging vulnerabilities.

Key capabilities

  • Dependency analysis
  • Vulnerability detection
  • Reporting of outdated dependencies
  • Support for common package manifests

Example prompts

  • "Check the dependencies in my package.json file for known vulnerabilities."
  • "Analyze this Python requirements.txt and report any vulnerable packages."
  • β€œFind all dependencies with versions older than 1.0.”

Tips & gotchas

The skill requires access to the codebase or package manifest files being analyzed. Ensure the AI agent has appropriate permissions to read these files for accurate results.

View Repository β†’

Tags

πŸ›‘οΈ

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates β€” what you install today is exactly what was reviewed and verified.

Security Audits

Gen Agent Trust HubPass
SocketPass
SnykPass

Details

Version
vlatest
License
Author
jeremylongshore
Installs
21
Repository (canonical source) β†’

🌐 Community

Passed automated security scans.