一键导入
dependabot
Fetch open Dependabot alerts for a GitHub repository, review them, and update vulnerable dependencies.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Fetch open Dependabot alerts for a GitHub repository, review them, and update vulnerable dependencies.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
| name | dependabot |
| description | Fetch open Dependabot alerts for a GitHub repository, review them, and update vulnerable dependencies. |
| user-invocable | true |
| argument-hint | OWNER REPO |
| allowed-tools | Bash, Read, Write, Edit, Glob, Grep, AskUserQuestion |
Fetch open Dependabot security alerts for a GitHub repository and write them to alerts.txt in the current working directory.
The gh CLI must be authenticated. The active account's token needs the security_events scope.
gh auth logingh auth refresh -h github.com -s security_eventsgh auth switchBefore running the script, check which gh accounts are available and which is active:
gh auth status
If there is more than one account, use AskUserQuestion to ask the user which account they want to use. List the available account usernames as options.
Once the user selects an account, switch to it:
gh auth switch -u SELECTED_ACCOUNT
After the skill finishes (whether it succeeds or fails), restore the original active account:
gh auth switch -u ORIGINAL_ACCOUNT
bash "${CLAUDE_SKILL_DIR}/dependabot.sh" OWNER REPO > alerts.txt
If the user provides $ARGUMENTS (e.g., wjgilmore securitybot.dev), use them as OWNER and REPO:
bash "${CLAUDE_SKILL_DIR}/dependabot.sh" $ARGUMENTS > alerts.txt
If no arguments are provided, the script infers OWNER and REPO from the current git remote automatically:
bash "${CLAUDE_SKILL_DIR}/dependabot.sh" > alerts.txt
alerts.txt to review the alerts.npm update, composer update, etc.).alerts.txt — it is a temporary file and should not be committed.