원클릭으로
dependabot
Fetch open Dependabot alerts for a GitHub repository, review them, and update vulnerable dependencies.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
Fetch open Dependabot alerts for a GitHub repository, review them, and update vulnerable dependencies.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
| name | dependabot |
| description | Fetch open Dependabot alerts for a GitHub repository, review them, and update vulnerable dependencies. |
| user-invocable | true |
| argument-hint | OWNER REPO |
| allowed-tools | Bash, Read, Write, Edit, Glob, Grep, AskUserQuestion |
Fetch open Dependabot security alerts for a GitHub repository and write them to alerts.txt in the current working directory.
The gh CLI must be authenticated. The active account's token needs the security_events scope.
gh auth logingh auth refresh -h github.com -s security_eventsgh auth switchBefore running the script, check which gh accounts are available and which is active:
gh auth status
If there is more than one account, use AskUserQuestion to ask the user which account they want to use. List the available account usernames as options.
Once the user selects an account, switch to it:
gh auth switch -u SELECTED_ACCOUNT
After the skill finishes (whether it succeeds or fails), restore the original active account:
gh auth switch -u ORIGINAL_ACCOUNT
bash "${CLAUDE_SKILL_DIR}/dependabot.sh" OWNER REPO > alerts.txt
If the user provides $ARGUMENTS (e.g., wjgilmore securitybot.dev), use them as OWNER and REPO:
bash "${CLAUDE_SKILL_DIR}/dependabot.sh" $ARGUMENTS > alerts.txt
If no arguments are provided, the script infers OWNER and REPO from the current git remote automatically:
bash "${CLAUDE_SKILL_DIR}/dependabot.sh" > alerts.txt
alerts.txt to review the alerts.npm update, composer update, etc.).alerts.txt — it is a temporary file and should not be committed.