ワンクリックで
dependabot
Fetch open Dependabot alerts for a GitHub repository, review them, and update vulnerable dependencies.
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
メニュー
Fetch open Dependabot alerts for a GitHub repository, review them, and update vulnerable dependencies.
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
SOC 職業分類に基づく
| name | dependabot |
| description | Fetch open Dependabot alerts for a GitHub repository, review them, and update vulnerable dependencies. |
| user-invocable | true |
| argument-hint | OWNER REPO |
| allowed-tools | Bash, Read, Write, Edit, Glob, Grep, AskUserQuestion |
Fetch open Dependabot security alerts for a GitHub repository and write them to alerts.txt in the current working directory.
The gh CLI must be authenticated. The active account's token needs the security_events scope.
gh auth logingh auth refresh -h github.com -s security_eventsgh auth switchBefore running the script, check which gh accounts are available and which is active:
gh auth status
If there is more than one account, use AskUserQuestion to ask the user which account they want to use. List the available account usernames as options.
Once the user selects an account, switch to it:
gh auth switch -u SELECTED_ACCOUNT
After the skill finishes (whether it succeeds or fails), restore the original active account:
gh auth switch -u ORIGINAL_ACCOUNT
bash "${CLAUDE_SKILL_DIR}/dependabot.sh" OWNER REPO > alerts.txt
If the user provides $ARGUMENTS (e.g., wjgilmore securitybot.dev), use them as OWNER and REPO:
bash "${CLAUDE_SKILL_DIR}/dependabot.sh" $ARGUMENTS > alerts.txt
If no arguments are provided, the script infers OWNER and REPO from the current git remote automatically:
bash "${CLAUDE_SKILL_DIR}/dependabot.sh" > alerts.txt
alerts.txt to review the alerts.npm update, composer update, etc.).alerts.txt — it is a temporary file and should not be committed.