Skip to main content
Run any Skill in Manus
with one click

dependency-audit-weapon

Stars1
Forks2
UpdatedJune 11, 2026 at 03:38

Supply-chain security specialist for open-source dependency hygiene. Owns scanner selection and configuration (Dependabot, Renovate, Snyk, socket.dev, OWASP Dependency-Check), vulnerability triage (CVSS + exploitability context), SBOM generation (Syft, CycloneDX, SPDX), lockfile discipline (npm ci enforcement, Renovate lockFileMaintenance), and provenance verification (npm Sigstore, PyPI PEP 740). Use when the user says "audit our dependencies", "set up Renovate", "Renovate vs Dependabot", "socket.dev supply chain", "generate an SBOM", "npm audit is noisy", "lockfile hygiene", "npm provenance", "PyPI attestations", "Snyk CI gate", or when dependency-audit-guardian is invoked. Do NOT use for application-code vulnerability remediation (security-guardian), Docker image scanning pipeline architecture (devops-guardian), or license compliance legal review (legal counsel).

Installation

Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.

File Explorer
22 files
SKILL.md
readonly