depguard
Dependency audit, vulnerability scanning, and license compliance. Free vuln check + paid continuous monitoring via git hooks.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/suhteevah/depguard
DepGuard — Dependency Audit & License Compliance
DepGuard scans your project dependencies for known vulnerabilities, license violations, and outdated packages. It uses native package manager audit tools (npm audit, pip-audit, cargo-audit, etc.) and enriches results with license analysis and risk scoring.
Commands
Free Tier (No license required)
depguard scan [directory]
One-shot vulnerability and license scan of your project dependencies.
How to execute:
bash "<SKILL_DIR>/scripts/depguard.sh" scan [directory]
What it does:
- Detects package manager (npm, yarn, pnpm, pip, cargo, go, composer, bundler, maven, gradle)
- Runs native audit commands (npm audit, pip-audit, cargo audit, etc.)
- Parses dependency manifests for license information
- Generates a security report with severity levels
- Lists packages with problematic or unknown licenses
Example usage scenarios:
- "Scan my dependencies for vulnerabilities" → runs depguard scan .
- "Check the licenses of my node modules" → runs depguard scan . --licenses-only
- "Are any of my packages insecure?" → runs depguard scan
depguard report [directory]
Generate a formatted dependency health report in markdown.
bash "<SKILL_DIR>/scripts/depguard.sh" report [directory]
Pro Tier ($19/user/month — requires DEPGUARD_LICENSE_KEY)
depguard hooks install
Install git hooks that scan dependencies on every commit that modifies lockfiles.
bash "<SKILL_DIR>/scripts/depguard.sh" hooks install
What it does:
- Validates Pro+ license
- Installs lefthook pre-commit hook targeting lockfile changes
- On every commit that modifies package-lock.json, yarn.lock, Cargo.lock, etc.: runs vulnerability scan, blocks commit if critical/high vulns found
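The commit gate described in this list, written out as an added example (not DepGuard's own code). It assumes the report format of `npm audit --json`; the function names, and the lockfile names beyond the three listed above, are assumptions.

```python
import json
from pathlib import PurePosixPath

# The first three names appear on this page; the rest are assumed to be what
# "etc." covers for the other package managers DepGuard lists.
LOCKFILES = {"package-lock.json", "yarn.lock", "Cargo.lock",
             "pnpm-lock.yaml", "poetry.lock", "go.sum",
             "composer.lock", "Gemfile.lock"}
BLOCKING = ("critical", "high")

def staged_lockfiles(staged_paths):
    """Return the staged paths whose basename is a known lockfile."""
    return [p for p in staged_paths if PurePosixPath(p).name in LOCKFILES]

def blocking_counts(audit_json):
    """Critical/high counts from `npm audit --json`, or None if unreadable."""
    try:
        counts = json.loads(audit_json)["metadata"]["vulnerabilities"]
        return {sev: int(counts.get(sev, 0)) for sev in BLOCKING}
    except (ValueError, KeyError, TypeError, AttributeError):
        return None  # caller treats this as "block", never as "clean"

def gate(staged_paths, audit_json):
    """Decide whether the commit may proceed: returns (allowed, reason)."""
    touched = staged_lockfiles(staged_paths)
    if not touched:
        return True, "no lockfile changes, scan skipped"
    counts = blocking_counts(audit_json)
    if counts is None:
        return False, "audit report unreadable, blocking (fail closed)"
    if any(counts.values()):
        found = ", ".join(f"{n} {sev}" for sev, n in counts.items() if n)
        return False, f"blocked by {found} in {', '.join(touched)}"
    return True, "no critical/high findings"

# Constructed sample in the shape of an npm v7+ audit report (not real output).
SAMPLE = json.dumps({"auditReportVersion": 2, "metadata": {"vulnerabilities": {
    "info": 0, "low": 1, "moderate": 2, "high": 1, "critical": 0, "total": 4}}})

if __name__ == "__main__":
    print(gate(["src/app.js", "web/package-lock.json"], SAMPLE))
    print(gate(["README.md"], SAMPLE))
    print(gate(["package-lock.json"], "npm ERR! network"))
```

In a real hook the path list would come from `git diff --cached --name-only`, and a `False` result maps to a non-zero exit code so git aborts the commit.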
depguard hooks uninstall
Remove DepGuard git hooks.
bash "<SKILL_DIR>/scripts/depguard.sh" hooks uninstall
depguard watch [directory]
Continuous monitoring — re-scans on any lockfile change.
bash "<SKILL_DIR>/scripts/depguard.sh" watch [directory]
depguard fix [directory]
Auto-fix vulnerabilities by upgrading to patched versions where available.
bash "<SKILL_DIR>/scripts/depguard.sh" fix [directory]
Team Tier ($39/user/month — requires DEPGUARD_LICENSE_KEY with team tier)
depguard policy [directory]
Enforce a dependency policy: block specific licenses, require minimum versions, deny specific packages.
bash "<SKILL_DIR>/scripts/depguard.sh" policy [directory]
depguard sbom [directory]
Generate a Software Bill of Materials (SBOM) in CycloneDX or SPDX format.
bash "<SKILL_DIR>/scripts/depguard.sh" sbom [directory]
depguard compliance [directory]
Generate a compliance report for auditors — maps licenses to categories (permissive, copyleft, proprietary, unknown).
bash "<SKILL_DIR>/scripts/depguard.sh" compliance [directory]
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-suhteevah-depguard": {
      "enabled": true,
      "auto_update": true
    }
  }
}