This is your go-to skill for scanning project dependencies across multiple package ecosystems to find CVEs, license issues, and supply chain risks. It generates SBOMs, flags outdated packages, and suggests remediation paths without auto-applying changes (which is sensible, since dependency updates can break things). It works across npm, pip, Maven, and other major ecosystems using current 2024/2025 tooling. It is best used during security audits or when you need compliance artifacts. It will not help with runtime security testing, and it cannot do anything if you have no manifest files to scan. The safety guardrails are reasonable: it asks before making changes and treats dependency updates as release-impacting events.
npx skills add https://github.com/sickn33/antigravity-awesome-skills --skill security-scanning-security-dependencies