Summary
This is an orchestrator skill that runs Software Composition Analysis on your codebase by spawning a chain of subagents to hunt for dependency vulnerabilities. It installs a binary called wraith, discovers lockfiles across multiple ecosystems (package-lock.json, go.mod, Gemfile.lock), scans them for CVEs, then analyzes each finding for exploitability before generating a report. Everything gets stored under ~/.ghost/repos with per-commit scan directories. The multi-agent workflow is interesting but adds layers between you and the actual scanner. If you need a quick dependency audit and don't mind the orchestration overhead, it covers the major package managers. The exploitability analysis step could be genuinely useful for triaging noisy CVE lists.
Install to Claude Code
npx -y skills add ghostsecurity/skills --skill ghost-scan-deps --agent claude-codeInstalls into .claude/skills of the current project.
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
An agent that runs the SEO playbooks that move rankings and ships PRs you control.
Get founding access →
Connect Claude to +800M contacts, +150M companies. Find & Enrich leads in chat.
Try For Free →Files
SKILL.md
Select a file.
Featured
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →An agent that runs the SEO playbooks that move rankings and ships PRs you control.
Get founding access →Connect Claude to +800M contacts, +150M companies. Find & Enrich leads in chat.
Try For Free →First SeenJun 11, 2026
