with one click
dep-audit
Audit dependency security risks
Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.
Menu
Audit dependency security risks
Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.
Based on SOC occupation classification
Repository-only probe used to determine whether Codex can keep a skill manually invokable while excluding it from implicit routing.
Create, update, batch-sync, or scan date-prefixed single-task request tickets under docs/features/*/requests/. Use for breaking a tech spec into execution tickets, tracking acceptance-criteria progress, finding incomplete or stale requests, or independently verifying one ticket's acceptance criteria. Do not use for feature-wide requirements, technical design, or implementation.
Implement a non-trivial feature end to end with scoped exploration, explicit acceptance criteria, incremental edits, independent review, and deterministic verification. Use when the user asks to build or extend behavior rather than make a tiny isolated edit.
Review the current dirty worktree with a configured Codex-first or Claude primary subagent plus one independent read-only Codex test perspective, fix actionable findings, and record a fingerprint-bound review gate. Use before finishing code or documentation changes, after fixes invalidate prior review, or when the sd0x stop hook requests review.
Install or refresh sd0x Dev Flow project guidance and custom reviewer agents in the current repository. Use when configuring this Codex plugin for a repo, onboarding a project, or repairing missing sd0x AGENTS.md and .codex/agents files.
Create or update GitHub PR with gh CLI. Auto-extracts ticket ID from branch name, generates title/summary from commits. Auto-detects existing PR and switches to update mode. Default: --dry-run (show command, don't execute). Use when: user asks to open/create/update a PR, says /create-pr, wants to refresh PR description after new commits, or says 'update pr', 'update PR title', 'refresh PR body'.
| name | dep-audit |
| description | Audit dependency security risks |
| allowed-tools | Bash(yarn audit:*), Bash(npm audit:*), Bash(pnpm audit:*), Bash(npx:*), Bash(bash:*), Read, Glob |
/codex-security)/codex-review-fast)/codex-security)| Step | Goal | Safety |
|---|---|---|
| audit | Scan dependencies for vulnerabilities | read-only |
Failure behavior: report-all
$ARGUMENTS
--level <severity> — Minimum reporting level (low/moderate/high/critical), default: moderate--fix — Attempt automatic fixUse Glob to check if .claude/scripts/dep-audit.sh exists in the project root.
bash .claude/scripts/dep-audit.sh $ARGUMENTS
Detect the project ecosystem and run the audit manually.
Ecosystem detection (check project root for manifest files):
| Manifest | Ecosystem | Audit Command | Fix Command |
|---|---|---|---|
package.json + pnpm-lock.yaml | Node (pnpm) | pnpm audit --audit-level {LEVEL} | pnpm audit --fix |
package.json + yarn.lock | Node (yarn) | yarn audit --level {LEVEL} | yarn audit --fix or npx yarn-audit-fix |
package.json | Node (npm) | npm audit --audit-level={LEVEL} | npm audit fix |
pyproject.toml | Python | pip-audit or safety check | pip-audit --fix |
Cargo.toml | Rust | cargo audit | cargo audit fix |
go.mod | Go | govulncheck ./... | (manual fix) |
build.gradle | Java | ./gradlew dependencyCheckAnalyze | (manual fix) |
Default {LEVEL} is moderate unless --level argument is provided.
If --fix is specified, run the fix command for the detected ecosystem after audit.
If no recognized manifest file exists, report an error.
## Audit Results
| Severity | Count |
|----------|-------|
| Critical | 0 |
| High | 0 |
| Moderate | 0 |
| Low | 0 |
## Vulnerability Details
### [severity] Issue Title
- **Package**: package-name
- **Fix**: Available / Not available
## Gate
✅ **PASS** — No moderate or above vulnerabilities
❌ **FAIL** — Found high severity vulnerabilities
/dep-audit
/dep-audit --level high
/dep-audit --fix