Scans your project dependencies for known CVEs using npm audit and the claude-flow security toolkit. It categorizes vulnerabilities by severity and attaches a response workflow to each level: critical issues block deployment, high-severity issues are fixed before release, moderate ones within the sprint, and low ones go to the backlog. You can run manual scans or set up continuous monitoring via MCP hooks. The auto-fix option (`--fix` flag) is convenient, but review what it changes before committing. Solid for teams that need structured vulnerability management rather than just seeing audit warnings and ignoring them.
```shell
npx skills add https://github.com/ruvnet/ruflo --skill dependency-check
```
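The severity-gated workflow described above, as an added example that is not the skill's or claude-flow's own code: it parses the JSON that `npm audit --json` (npm 7 and later) emits, assigns each vulnerable package the action the policy names, fails the gate on any critical finding, and separates the fixes `npm audit fix` would apply on its own from semver-major bumps (which need `--force` and deserve the review the description recommends). The action labels, the `run_npm_audit` wrapper and the sample report are this example's own assumptions.

```python
"""Severity-gated triage of `npm audit --json` output (added example)."""
import json
import subprocess
from collections import defaultdict

# Response policy from the description; the action labels are this example's own.
POLICY = {
    "critical": "block-deploy",
    "high": "fix-before-release",
    "moderate": "fix-this-sprint",
    "low": "backlog",
    "info": "backlog",
}
# Severities that fail the gate (deployment must not proceed).
BLOCKING = {"critical"}


def run_npm_audit(cwd="."):
    """Run `npm audit --json` and parse it. npm exits non-zero whenever it
    finds vulnerabilities, so the exit code is ignored and stdout is parsed."""
    proc = subprocess.run(["npm", "audit", "--json"], cwd=cwd,
                          capture_output=True, text=True)
    return json.loads(proc.stdout)


def triage(report):
    """Map every vulnerable package to the action POLICY assigns its severity.

    Returns (actions, blocked): actions is {action: sorted package names},
    blocked is True if any BLOCKING severity appears. Uses the npm 7+ shape,
    where report["vulnerabilities"] is keyed by package name and each entry
    carries a "severity" field.
    """
    actions = defaultdict(list)
    blocked = False
    for name, vuln in report.get("vulnerabilities", {}).items():
        sev = vuln.get("severity", "info")
        actions[POLICY.get(sev, "backlog")].append(name)
        if sev in BLOCKING:
            blocked = True
    return {k: sorted(v) for k, v in actions.items()}, blocked


def fix_candidates(report):
    """Split packages npm reports a fix for into those `npm audit fix` applies
    by itself and semver-major bumps (only applied with --force, may break
    callers). npm encodes the latter as a dict with "isSemVerMajor": true."""
    safe, breaking = [], []
    for name, vuln in report.get("vulnerabilities", {}).items():
        fix = vuln.get("fixAvailable", False)
        if not fix:
            continue
        if isinstance(fix, dict) and fix.get("isSemVerMajor"):
            breaking.append(name)
        else:
            safe.append(name)
    return sorted(safe), sorted(breaking)


def gate_exit_code(report):
    """CI-style result: 1 when deployment must be blocked, otherwise 0."""
    _, blocked = triage(report)
    return 1 if blocked else 0


# Constructed sample in the npm 7+ `npm audit --json` shape; not a real scan.
SAMPLE_REPORT = {
    "vulnerabilities": {
        "example-parser": {"severity": "critical", "isDirect": True,
                           "fixAvailable": True},
        "example-templating": {"severity": "high", "isDirect": False,
                               "fixAvailable": {"name": "example-templating",
                                                "version": "3.0.0",
                                                "isSemVerMajor": True}},
        "example-logger": {"severity": "moderate", "isDirect": True,
                           "fixAvailable": False},
        "example-colors": {"severity": "low", "isDirect": False,
                           "fixAvailable": True},
    },
    "metadata": {"vulnerabilities": {"info": 0, "low": 1, "moderate": 1,
                                     "high": 1, "critical": 1, "total": 4}},
}


if __name__ == "__main__":
    actions, blocked = triage(SAMPLE_REPORT)
    for action, pkgs in actions.items():
        print(f"{action}: {', '.join(pkgs)}")
    safe, breaking = fix_candidates(SAMPLE_REPORT)
    print(f"auto-fixable: {safe}; semver-major (review first): {breaking}")
    print("deployment blocked" if blocked else "gate passed")
```

Replace `SAMPLE_REPORT` with `run_npm_audit()` to triage a real project; in CI, `sys.exit(gate_exit_code(report))` turns the policy into a pipeline gate.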