This is a security auditing tool that checks your dependencies for known CVEs across eight package ecosystems, from npm to Rust's cargo. It wraps the standard audit tools (npm audit, pip-audit, cargo-audit) into a unified interface and pulls from databases like NVD and GitHub Advisory. The auto-fix mode is the practical bit here: it'll bump versions within semver constraints and show you what it can't fix automatically. You can filter by severity, target specific package managers, or run a broader health check that flags deprecated and unmaintained packages. Good for CI pipelines or before you merge dependency updates, especially if you're working across multiple language stacks and don't want to remember each ecosystem's audit command.
npx skills add https://github.com/jwynia/agent-skills --skill dependency-scan