Dependency Health Check
Assess dependency health across CVE exposure, freshness, maintainer risk, and license compatibility
Best use case
Dependency Health Check is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Teams using Dependency Health Check should expect more consistent output, faster repeated execution, and less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in .claude/skills/dependency-health-check/SKILL.md inside your project
- Restart your AI agent — it will auto-discover the skill
How Dependency Health Check Compares
| Feature / Agent | Dependency Health Check | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Assess dependency health across CVE exposure, freshness, maintainer risk, and license compatibility
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Dependency Health Check Skill

Assess dependency health across CVE exposure, freshness, maintainer risk, and license compatibility.

## Trigger Conditions

- Weekly automated health check cadence
- New dependency added to the project
- User invokes with "dependency health" or "check dependencies"

## Input Contract

- **Required:** Dependency manifest (go.mod, package.json, requirements.txt)
- **Optional:** CVE database reference, license policy

## Output Contract

- Health report per dependency (CVE count, freshness, maintainer score, license)
- Risk-scored upgrade priority matrix
- SBOM (Software Bill of Materials)

## Tool Permissions

- **Read:** Lock files, dependency tree, CVE databases
- **Write:** Health reports, SBOM
- **Execute:** Dependency scanning tools

## Execution Steps

1. Parse dependency manifest and resolve full tree (direct + transitive)
2. Check each dependency against CVE databases
3. Score freshness (versions behind latest)
4. Assess maintainer health (bus factor, commit frequency, funding)
5. Check license compatibility with project distribution model
6. Generate SBOM
7. Produce risk-scored priority matrix

## Success Criteria

- Full dependency tree analyzed (direct + transitive)
- CVE status current (within 24 hours)
- License compatibility verified
- SBOM generated

## Escalation Rules

- Escalate Critical CVEs immediately
- Escalate if a direct dependency has bus factor of 1
- Escalate if GPL dependency found in proprietary project

## Example Invocations

**Input:** "Run dependency health check on our Go service"

**Output:** 142 dependencies analyzed (23 direct, 119 transitive). CVEs: 0 Critical, 2 High (golang.org/x/net, google.golang.org/grpc), 5 Medium. Freshness: 4 dependencies >2 major versions behind. License: all compatible (MIT, Apache-2.0, BSD). SBOM generated. Priority: upgrade x/net immediately (CVE-2025-1234, CVSS 8.1).
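The escalation rules and the risk-scored priority matrix from the SKILL.md can be expressed as a few deterministic checks over per-dependency records. The sketch below is an added example, not part of the skill or its repository; the `Dep` record, the scoring weights, the CVSS 9.0 cut-off for "Critical", and all sample records other than the x/net CVSS 8.1 figure are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Dep:
    name: str
    direct: bool                 # direct vs transitive, from the resolved tree
    license: str                 # SPDX identifier
    majors_behind: int = 0       # freshness: major versions behind latest
    bus_factor: int = 3          # maintainer health input
    cvss: list = field(default_factory=list)  # CVSS base score per open CVE

def escalations(dep, proprietary=True):
    """Escalation rules from the SKILL.md that this dependency triggers."""
    hits = []
    if any(s >= 9.0 for s in dep.cvss):          # CVSS v3 "Critical" band
        hits.append("critical-cve")
    if dep.direct and dep.bus_factor == 1:       # transitive deps do not trigger
        hits.append("direct-bus-factor-1")
    if proprietary and dep.license.upper().startswith("GPL"):
        hits.append("gpl-in-proprietary")
    return hits

def risk_score(dep):
    """Assumed weighting: worst CVE, plus capped staleness, plus maintainer risk."""
    score = max(dep.cvss, default=0.0)
    score += min(dep.majors_behind, 3)
    score += 2 if dep.bus_factor <= 1 else 0
    return score

def priority_matrix(deps, proprietary=True):
    """Rows of (name, score, escalations), highest upgrade priority first."""
    rows = [(d.name, risk_score(d), escalations(d, proprietary)) for d in deps]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

# Constructed sample records; only the x/net CVSS 8.1 figure comes from the page.
SAMPLE = [
    Dep("example.com/tinylib", True, "MIT", bus_factor=1),
    Dep("example.com/copyleft-lib", False, "GPL-3.0-only", majors_behind=3),
    Dep("example.com/stale", False, "MIT", majors_behind=2, bus_factor=1),
    Dep("google.golang.org/grpc", True, "Apache-2.0", cvss=[7.5]),
    Dep("golang.org/x/net", True, "BSD-3-Clause", cvss=[8.1]),
]

if __name__ == "__main__":
    for name, score, flags in priority_matrix(SAMPLE):
        print(f"{score:5.1f}  {name:28} {', '.join(flags) or '-'}")
```

Escalation flags are kept separate from the score, so a low-scoring dependency (a GPL transitive package, a single-maintainer direct package) still surfaces for review even when it sorts below the CVE-driven upgrades.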