Dependency Auditor

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/alirezarezvani/dependency-auditor
Skill Type: POWERFUL
Category: Engineering
Domain: Dependency Management & Security

Overview

The Dependency Auditor is a comprehensive toolkit for analyzing, auditing, and managing dependencies across multi-language software projects. This skill provides deep visibility into your project's dependency ecosystem, enabling teams to identify vulnerabilities, ensure license compliance, optimize dependency trees, and plan safe upgrades.

In modern software development, dependencies form complex webs that can introduce significant security, legal, and maintenance risks. A single project might have hundreds of direct and transitive dependencies, each potentially introducing vulnerabilities, license conflicts, or maintenance burden. This skill addresses these challenges through automated analysis and actionable recommendations.

Core Capabilities

1. Vulnerability Scanning & CVE Matching

Comprehensive Security Analysis

  • Scans dependencies against built-in vulnerability databases
  • Matches Common Vulnerabilities and Exposures (CVE) patterns
  • Identifies known security issues across multiple ecosystems
  • Analyzes transitive dependency vulnerabilities
  • Provides CVSS scores and exploit assessments
  • Tracks vulnerability disclosure timelines
  • Maps vulnerabilities to dependency paths

Multi-Language Support

  • JavaScript/Node.js: package.json, package-lock.json, yarn.lock
  • Python: requirements.txt, pyproject.toml, Pipfile.lock, poetry.lock
  • Go: go.mod, go.sum
  • Rust: Cargo.toml, Cargo.lock
  • Ruby: Gemfile, Gemfile.lock
  • Java/Maven: pom.xml, gradle.lockfile
  • PHP: composer.json, composer.lock
  • C#/.NET: packages.config, project.assets.json

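As an added illustration of the CVE-matching step (example code written for this page, not the skill's own implementation): the block parses a constructed package-lock.json, checks each installed version against a constructed advisory list expressed as version-range comparators, and attaches the dependency path through which each affected package is reached. The advisory ids, package names and versions are placeholders.

```python
import json, operator

# Constructed sample: a trimmed package-lock.json (lockfileVersion 3 layout,
# keys are node_modules paths and "" is the project root).
SAMPLE_LOCK = json.dumps({"lockfileVersion": 3, "packages": {
    "": {"dependencies": {"web-framework": "^2.1.0"}},
    "node_modules/web-framework": {"version": "2.1.3",
                                   "dependencies": {"tiny-parser": "~1.4.0"}},
    "node_modules/tiny-parser": {"version": "1.4.2"},
    "node_modules/logger": {"version": "3.0.0"},
}})
# Constructed advisories (placeholder ids, not real CVEs); an affected range
# is a list of (operator, version) comparators that must all hold.
SAMPLE_ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "tiny-parser", "cvss": 7.5,
     "affected": [(">=", "1.0.0"), ("<", "1.4.5")]},
    {"id": "EXAMPLE-0002", "package": "logger", "cvss": 5.3, "affected": [("<", "2.0.0")]},
]
OPS = {"<": operator.lt, "<=": operator.le, "==": operator.eq, ">": operator.gt, ">=": operator.ge}

def parse_version(v):
    # Numeric semver core (x.y.z) as a tuple; a pre-release suffix is dropped.
    return tuple(int(p) for p in v.split("-")[0].split("."))

def in_range(version, comparators):
    v = parse_version(version)
    return all(OPS[op](v, parse_version(bound)) for op, bound in comparators)

def dependency_paths(packages):
    # Path from the project root to each reachable package (hoisted layout only).
    paths = {}
    def walk(name, path):
        if name in paths: return  # keep the first path that reached this package
        paths[name] = path + [name]
        for dep in packages.get("node_modules/" + name, {}).get("dependencies", {}):
            walk(dep, paths[name])
    for direct in packages[""].get("dependencies", {}):
        walk(direct, [])
    return paths

def scan(lock_text, advisories):
    # One finding per installed version inside an advisory's affected range.
    packages = json.loads(lock_text)["packages"]
    paths = dependency_paths(packages)
    findings = []
    for key, meta in packages.items():
        name = key[len("node_modules/"):] if key.startswith("node_modules/") else None
        for adv in advisories:
            if name and adv["package"] == name and in_range(meta["version"], adv["affected"]):
                findings.append({"id": adv["id"], "package": name, "version": meta["version"],
                                 "cvss": adv["cvss"], "path": " > ".join(paths.get(name, [name]))})
    return findings
```

A package not reachable from the root (an orphan entry in the lockfile) is still scanned and reported with its own name as the path.
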
2. License Compliance & Legal Risk Assessment

License Classification System

  • Permissive Licenses: MIT, Apache 2.0, BSD (2-clause, 3-clause), ISC
  • Copyleft (Strong): GPL (v2, v3), AGPL (v3)
  • Copyleft (Weak): LGPL (v2.1, v3), MPL (v2.0)
  • Proprietary: Commercial, custom, or restrictive licenses
  • Dual Licensed: Multi-license scenarios and compatibility
  • Unknown/Ambiguous: Missing or unclear licensing

Conflict Detection

  • Identifies incompatible license combinations
  • Warns about GPL contamination in permissive projects
  • Analyzes license inheritance through dependency chains
  • Provides compliance recommendations for distribution
  • Generates legal risk matrices for decision-making

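The classification and inheritance check described above, as an added example (not the skill's own code): licenses are bucketed into the categories listed, a dual license resolves to the option the consumer may choose, and a walk of a constructed dependency graph reports each chain through which a strong-copyleft, weak-copyleft or unknown license reaches a permissive root. SPDX identifiers are assumed as the input form; the map is a constructed subset.

```python
# Classes follow the categories listed above. Inputs are assumed to be SPDX
# identifiers/expressions; this map is a constructed subset, not the full list.
LICENSE_CLASS = {"MIT": "permissive", "Apache-2.0": "permissive", "ISC": "permissive",
    "BSD-2-Clause": "permissive", "BSD-3-Clause": "permissive",
    "GPL-2.0-only": "copyleft-strong", "GPL-3.0-only": "copyleft-strong", "AGPL-3.0-only": "copyleft-strong",
    "LGPL-2.1-only": "copyleft-weak", "LGPL-3.0-only": "copyleft-weak", "MPL-2.0": "copyleft-weak"}
# Higher rank = more restrictive; unknown ranks highest so missing metadata is never treated as safe.
RANK = {"permissive": 0, "copyleft-weak": 1, "copyleft-strong": 2, "proprietary": 3, "unknown": 4}
# Constructed sample graph: package -> declared license and direct dependencies.
SAMPLE_GRAPH = {
    "app":         {"license": "MIT", "deps": ["http-client", "image-lib"]},
    "http-client": {"license": "Apache-2.0", "deps": ["compress", "telemetry"]},
    "compress":    {"license": "LGPL-2.1-only", "deps": []},
    "telemetry":   {"license": "", "deps": []},
    "image-lib":   {"license": "BSD-3-Clause", "deps": ["codec", "color-math"]},
    "codec":       {"license": "GPL-3.0-only", "deps": []},
    "color-math":  {"license": "MIT OR GPL-2.0-only", "deps": []},
}

def classify(expr):
    # 'A OR B' lets the consumer pick the least restrictive option; 'A AND B' binds to the most restrictive.
    expr = (expr or "").strip("() ")
    if not expr: return "unknown"
    if " OR " in expr:
        return min((classify(p) for p in expr.split(" OR ")), key=RANK.get)
    if " AND " in expr:
        return max((classify(p) for p in expr.split(" AND ")), key=RANK.get)
    if expr.lower() in ("proprietary", "commercial"):
        return "proprietary"
    return LICENSE_CLASS.get(expr, "unknown")

def find_conflicts(graph, root):
    # Walk from root; report each chain through which a risky license is inherited.
    root_class = classify(graph[root]["license"])
    findings, seen = [], set()
    def risk(cls):
        if cls == "copyleft-strong":  # GPL contamination is a conflict only for a permissive root
            return "high" if root_class == "permissive" else None
        return {"copyleft-weak": "check-linking", "unknown": "review", "proprietary": "review"}.get(cls)
    def walk(name, chain):
        if name in seen: return
        seen.add(name)
        cls = classify(graph[name]["license"])
        if name != root and risk(cls):
            findings.append({"package": name, "class": cls, "risk": risk(cls), "chain": " > ".join(chain)})
        for dep in graph[name]["deps"]:
            walk(dep, chain + [dep])
    walk(root, [root])
    return findings
```
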
3. Outdated Dependency Detection

Version Analysis

  • Identifies dependencies with available updates
  • Categorizes updates by severity (patch, minor, major)
  • Detects pinned versions that may be outdated
  • Analyzes semantic versioning patterns
  • Identifies floating version specifiers
  • Tracks release frequencies and maintenance status

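An added example of the version analysis (written for this page, not taken from the skill): it parses a constructed requirements.txt, flags pinned versus floating specifiers, and categorizes the available update as patch, minor or major against a constructed registry snapshot that stands in for a live index query. Package names and versions are sample data.

```python
import re
# Constructed requirements.txt with pinned, floating and unconstrained entries.
SAMPLE_REQUIREMENTS = """\
requests==2.28.0
flask>=2.0
numpy~=1.24.0
# comment lines and blanks are ignored
pyyaml
cryptography==41.0.7
"""
# Constructed registry snapshot (stand-in for a live index query): latest release per package.
SAMPLE_LATEST = {"requests": "2.31.0", "flask": "3.0.2", "numpy": "1.26.4",
                 "pyyaml": "6.0.1", "cryptography": "41.0.7"}
SPEC_RE = re.compile(r"^([A-Za-z0-9_.\-]+)\s*(===|==|~=|!=|<=|>=|<|>)?\s*([0-9][0-9.]*)?")

def parse_requirements(text):
    # Yield (name, operator, version) per requirement; extras and markers are out of scope here.
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = SPEC_RE.match(line) if line else None
        if m:
            yield m.group(1).lower(), m.group(2), m.group(3)

def to_tuple(v):
    return tuple(int(p) for p in v.strip(".").split("."))

def update_severity(installed, latest):
    # Category of the available bump, in the page's patch/minor/major terms.
    a, b = to_tuple(installed), to_tuple(latest)
    n = max(len(a), len(b)); a += (0,) * (n - len(a)); b += (0,) * (n - len(b))
    if b <= a:
        return "none"
    first = next(i for i in range(n) if b[i] != a[i])
    return ("major", "minor", "patch")[min(first, 2)]

def audit(requirements_text, latest_index):
    # One row per requirement: whether it floats, its baseline and the bump category.
    report = []
    for name, op, ver in parse_requirements(requirements_text):
        latest = latest_index.get(name)
        row = {"package": name, "floating": op != "==", "baseline": ver, "latest": latest}
        if latest is None:
            row["update"] = "unknown"      # not in the index snapshot
        elif ver is None:
            row["update"] = "unresolved"   # no baseline in the manifest; needs the lockfile
        else:
            row["update"] = update_severity(ver, latest)
        report.append(row)
    return report
```

For a floating specifier the manifest only gives a lower bound, so the real baseline must come from the lockfile (Pipfile.lock, poetry.lock); here the stated bound is used as the baseline.
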
Metadata

Stars: 4473
Views: 0
Updated: 2026-05-01

Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-alirezarezvani-dependency-auditor": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Safety Note: ClawKit audits metadata but not runtime behavior. Use with caution.