Jeden Skill in Manus ausführen
mit einem Klick

Jeden Skill in Manus mit einem Klick ausführen

$pwd:

dependency-audit

Name: Dependency Audit
Author: agulli

// Audit project dependencies for vulnerabilities, license issues, and bloat. Use when asked to check dependencies, audit packages, find vulnerable libraries, or reduce bundle size.

In Manus ausführen

$ git log --oneline --stat

stars:242

forks:51

updated:13. Mai 2026 um 10:10

SKILL.md

readonly

name	dependency-audit
description	Audit project dependencies for vulnerabilities, license issues, and bloat. Use when asked to check dependencies, audit packages, find vulnerable libraries, or reduce bundle size.
license	MIT
compatibility	Requires pip or npm/yarn/pnpm

Process

Identify the package manager. Look for:
- requirements.txt / pyproject.toml / Pipfile → Python (pip/uv)
- package.json → Node.js (npm/yarn/pnpm)
- go.mod → Go
- Cargo.toml → Rust
Run vulnerability scan.
- Python: pip audit or uvx pip-audit
- Node.js: npm audit or npx better-npm-audit audit
- Go: govulncheck ./...
Check for outdated packages.
- Python: pip list --outdated
- Node.js: npm outdated
License audit. Check that no dependency uses a copyleft license (GPL, AGPL) in a proprietary project:
- Python: uvx pip-licenses --order=license
- Node.js: npx license-checker --summary
Identify unused dependencies.
- Python: Check each import with grep -r "import <package>" src/
- Node.js: npx depcheck
Write the report as a markdown table with columns: Package, Current Version, Latest Version, Vulnerabilities, License, Status (keep/update/remove).

Rationalizations

Excuse	Rebuttal
"We'll update dependencies later"	Known vulnerabilities are actively exploited. Flag them now.
"It's a dev dependency, it doesn't matter"	Dev dependencies run in CI and on developer machines — they are attack surface.
"Removing unused deps might break something"	If nothing imports it, nothing uses it. Remove it.

Verification

Vulnerability scan was executed (not estimated)
Every critical/high vulnerability has a recommended action (update version or replace package)
License compatibility was checked against the project's license

related-skills.json

gleiches Repository

api-design.md

from "agulli/atlas-agents"

Design or review REST and GraphQL API interfaces. Use when asked to design an API, review endpoint structure, define request/response schemas, or improve API ergonomics.

2026-05-13242

code-review.md

from "agulli/atlas-agents"

Perform a structured security and quality audit on source code. Use when asked to review code, audit a pull request, check for vulnerabilities, or assess code quality.

2026-05-13242

data-pipeline.md

from "agulli/atlas-agents"

Design, build, or debug data processing pipelines. Use when asked to process a dataset, transform data, build an ETL pipeline, schedule batch jobs, or fix data quality issues.

2026-05-13242

database-migration.md

from "agulli/atlas-agents"

Safely run database schema migrations. Use when asked to update database schema, add columns, create tables, run alembic, or apply Django migrations.

2026-05-13242

deploy-checklist.md

from "agulli/atlas-agents"

Execute a structured deployment to staging or production. Use when asked to deploy, ship, release, push to production, or promote to staging.

2026-05-13242

documentation-writer.md

from "agulli/atlas-agents"

Write or update technical documentation for code, APIs, or systems. Use when asked to document a module, write a README, generate API docs, or update existing documentation.

2026-05-13242

package.json

"author": "agulli"

"repository": "agulli/atlas-agents"

GitHub-Repository öffnen Creator-Repositorys ansehen

$ install --global

$ download --local

In Manus ausführen

$ useful --forSOC

InformationssicherheitsanalystenInformatik- und Mathematikberufe15-1212L4

name	dependency-audit
description	Audit project dependencies for vulnerabilities, license issues, and bloat. Use when asked to check dependencies, audit packages, find vulnerable libraries, or reduce bundle size.
license	MIT
compatibility	Requires pip or npm/yarn/pnpm

Process

Identify the package manager. Look for:
- requirements.txt / pyproject.toml / Pipfile → Python (pip/uv)
- package.json → Node.js (npm/yarn/pnpm)
- go.mod → Go
- Cargo.toml → Rust
Run vulnerability scan.
- Python: pip audit or uvx pip-audit
- Node.js: npm audit or npx better-npm-audit audit
- Go: govulncheck ./...
Check for outdated packages.
- Python: pip list --outdated
- Node.js: npm outdated
License audit. Check that no dependency uses a copyleft license (GPL, AGPL) in a proprietary project:
- Python: uvx pip-licenses --order=license
- Node.js: npx license-checker --summary
Identify unused dependencies.
- Python: Check each import with grep -r "import <package>" src/
- Node.js: npx depcheck
Write the report as a markdown table with columns: Package, Current Version, Latest Version, Vulnerabilities, License, Status (keep/update/remove).

Rationalizations

Excuse	Rebuttal
"We'll update dependencies later"	Known vulnerabilities are actively exploited. Flag them now.
"It's a dev dependency, it doesn't matter"	Dev dependencies run in CI and on developer machines — they are attack surface.
"Removing unused deps might break something"	If nothing imports it, nothing uses it. Remove it.

Verification

Vulnerability scan was executed (not estimated)
Every critical/high vulnerability has a recommended action (update version or replace package)
License compatibility was checked against the project's license

dependency-audit

Process

Rationalizations

Verification

Mehr aus diesem Repository

Mehr aus diesem Repository

Process

Rationalizations

Verification