Package Audit

🌐Community
by sgcarstrends · vlatest · Repository

Helps with packages, auditing as part of agent workflows.

Install on your platform


1. Run in terminal (recommended)

claude mcp add package-audit npx -- -y @trustedskills/package-audit

2. Or manually add to ~/.claude/settings.json

{
  "mcpServers": {
    "package-audit": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/package-audit"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

What it does

This skill, package-audit, allows you to audit software packages and their dependencies. It identifies vulnerabilities in your project's dependencies by checking against known vulnerability databases. This helps ensure that your applications are secure and protected from potential exploits.

When to use it

  • Security Review: Before deploying a new application or updating existing code, run an audit to identify any security risks.
  • Dependency Management: Regularly check for vulnerabilities in your project's dependencies as part of your development workflow.
  • Compliance Checks: Verify that your software meets specific security compliance requirements by identifying and addressing known vulnerabilities.
  • Automated Builds: Integrate package auditing into automated build pipelines to catch vulnerabilities early.

Key capabilities

  • Vulnerability scanning
  • Dependency analysis
  • Database checks

Example prompts

  • "Audit the dependencies of my package.json file."
  • "Check for vulnerabilities in the requirements.txt file for my Python project."
  • "Run a security audit on all packages listed in my Gemfile."

Tips & gotchas

The skill requires access to your project's package manifest files (e.g., package.json, requirements.txt, Gemfile). Ensure the AI agent has appropriate permissions to read these files for accurate results.


TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

  • Gen Agent Trust Hub: Pass
  • Socket: Pass
  • Snyk: Pass

Details

Version: vlatest
License:
Author: sgcarstrends
Installs: 10


Passed automated security scans.