dependency-audit

Audit dependencies across projects in your organization's swarm. Use when you need to find version conflicts, outdated packages, or security risks across teams. Also use when the user asks for a "dependency audit", "version check across projects", "package alignment", or wants to standardize dependencies org-wide. Requires an active swarm connection.

8 stars

Best use case

dependency-audit is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Audit dependencies across projects in your organization's swarm. Use when you need to find version conflicts, outdated packages, or security risks across teams. Also use when the user asks for a "dependency audit", "version check across projects", "package alignment", or wants to standardize dependencies org-wide. Requires an active swarm connection.

Teams using dependency-audit should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/dependency-audit/SKILL.md --create-dirs "https://raw.githubusercontent.com/goondocks-co/open-agent-kit/main/.agents/skills/dependency-audit/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/dependency-audit/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How dependency-audit Compares

Feature / Agentdependency-auditStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Audit dependencies across projects in your organization's swarm. Use when you need to find version conflicts, outdated packages, or security risks across teams. Also use when the user asks for a "dependency audit", "version check across projects", "package alignment", or wants to standardize dependencies org-wide. Requires an active swarm connection.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# Dependency Audit

Audit dependencies across connected swarm nodes to find version conflicts,
outdated packages, and standardization opportunities.

## Workflow

### 1. Verify Connectivity

```
swarm_status()
swarm_nodes()
```

If disconnected or fewer than 2 nodes are available, inform the user — a
cross-project audit needs multiple projects to compare.

### 2. Gather Dependency Data

Search for dependency-related information across the swarm:

```
# Package manifests and dependency choices
swarm_search(query="package.json dependencies pyproject.toml requirements", search_type="all", limit=20)

# Dependency decisions and rationale
swarm_search(query="dependency choices and version decisions", search_type="memory", limit=20)

# Known dependency issues
swarm_search(query="dependency conflicts outdated packages security vulnerabilities", search_type="memory", limit=15)
```

Also read the local project's dependency manifests for comparison:

```
# Check what exists locally
Glob("**/package.json")
Glob("**/pyproject.toml")
Glob("**/requirements*.txt")
Glob("**/Cargo.toml")
Glob("**/go.mod")
```

Read the relevant manifests to extract dependency lists.

### 3. Fetch Details for Key Findings

For search results that indicate conflicts or interesting patterns:

```
swarm_fetch(ids=["<chunk-id>"], project_slug="<project>")
```

### 4. Write the Audit Report

Write to `oak/insights/dependency-audit-report.md`:

```markdown
# Dependency Audit Report

> Generated: YYYY-MM-DD | Projects audited: N

## Executive Summary

Brief overview of findings — number of conflicts found, critical risks, and
top recommendations for alignment.

## Version Conflict Analysis

| Package | Project A | Project B | Risk Level | Notes |
|---------|-----------|-----------|------------|-------|
| ...     | v1.2.3    | v3.0.0    | High       | Major version mismatch |

Focus on:
- Same package at different major versions across projects
- Pinned versions that differ significantly
- Transitive dependency risks

## Security Assessment

Flag dependencies that may pose risks:
- Very outdated packages (2+ major versions behind current)
- Packages with known deprecation notices
- Unusual or unmaintained dependencies

## Standardization Recommendations

| Action | Packages | Projects Affected | Priority |
|--------|----------|-------------------|----------|
| Align to v4.x | react | project-a, project-b | High |
| ...    | ...      | ...               | ...      |

Suggest:
- Packages that should converge to one version
- Shared internal packages that could reduce duplication
- Upgrade paths for outdated dependencies

## Shared Dependencies

Packages used across multiple projects (potential extraction candidates):
- List common utilities, frameworks, and tools
- Note where versions already align (positive signal)
```

### CLI Fallback

```bash
oak-dev swarm status
oak-dev swarm nodes
oak-dev swarm search "dependencies packages versions" --type all -n 20
oak-dev swarm search "dependency decisions" --type memory -n 20
```

## Tips

- **Local manifests are your ground truth.** Always read the current project's
  actual dependency files — swarm search results are summaries and may be stale.
- **Focus on actionable conflicts.** Minor patch version differences aren't
  worth reporting. Highlight major version mismatches and known-broken
  combinations.
- **Group by risk level.** Security issues first, then breaking conflicts, then
  alignment opportunities.
- **Limited data is normal.** Swarm search returns what teams have discussed
  and committed — it may not have complete dependency lists. Note coverage gaps.

## Deep Dives

Consult these reference documents for deeper guidance:

- **`references/audit-examples.md`** — Good and bad audit report examples with a risk assessment framework. Read this before writing the report.
- **`references/search-strategies.md`** — How to write effective swarm queries, when to use each search type, and how to correlate results across projects.

Related Skills

playwright-cli

8
from goondocks-co/open-agent-kit

Automates browser interactions for web testing, form filling, screenshots, and data extraction. Use when the user needs to navigate websites, interact with web pages, fill forms, take screenshots, test web applications, or extract information from web pages.

swarm

8
from goondocks-co/open-agent-kit

Search across multiple projects in your organization's swarm. Use when you need cross-project patterns, org-level conventions, shared decisions, or want to know how other projects solved a problem. Complements the oak (team) skill which covers single-project knowledge. Also use when the user mentions swarm_search, swarm_fetch, swarm_nodes, swarm_status, or asks about what other teams/projects have done, cross-project dependencies, org-wide patterns, or collective knowledge across the organization.

swarm-report

8
from goondocks-co/open-agent-kit

Generate a cross-project comparative report from your organization's swarm. Use when you need an overview of all connected projects, want to compare activity levels, find shared patterns, or identify collaboration opportunities across teams. Also use when the user asks for a "swarm report", "cross-project analysis", "org overview", or wants to understand how projects relate to each other. Requires an active swarm connection.

project-governance

8
from goondocks-co/open-agent-kit

Create and maintain project constitutions and agent instruction files. Use when establishing coding standards, adding project rules, creating agent guidance files, syncing rules across agents, or improving AI agent consistency. Also supports RFC/ADR documents for formalizing technical decisions that feed into the constitution.

pattern-finder

8
from goondocks-co/open-agent-kit

Find recurring code patterns, architectural decisions, and shared conventions across projects in your organization's swarm. Use when you want to discover what patterns other teams use, find candidates for shared libraries, or standardize approaches across the org. Also use when the user asks to "find patterns across projects", "what conventions do other teams follow", "shared code opportunities", or anything about org-wide code reuse. Requires an active swarm connection.

oak

8
from goondocks-co/open-agent-kit

Find out what happened, what was decided, and what depends on what in your codebase. Use this skill whenever you need to: recall past decisions or discussions ("what did we decide about X?"), check what might break before refactoring ("what depends on this module?"), find conceptually similar code that grep would miss ("all the retry/backoff logic"), look up past bugs, gotchas, or learnings, query session history or agent run costs, store observations about the codebase, or understand how components connect end-to-end. Powered by semantic search, memory lookup, and direct SQL against the Oak CI database (.oak/ci/activities.db). Also use when the user mentions oak_search, oak_context, oak_remember, oak_resolve_memory, or asks to run queries against activities.db or oak.

context-engineering

8
from goondocks-co/open-agent-kit

Design effective prompts and optimize context for AI models and agents. Covers prompt engineering foundations (clarity, examples, chain of thought, XML structure), the four context engineering strategies (Write, Select, Compress, Isolate), agent memory and session patterns, and before/after examples showing measurable improvement. Use when writing system prompts, designing agent workflows, optimizing context windows, building prompt templates, structuring few-shot examples, reducing context rot, or improving AI output quality.

zeroize-audit

16
from plurigrid/asi

Detects missing zeroization of sensitive data in source code and identifies zeroization removed by compiler optimizations, with assembly-level analysis, and control-flow verification. Use for auditing C/C++/Rust code handling secrets, keys, passwords, or other sensitive data.

supply-chain-risk-auditor

16
from plurigrid/asi

Identifies dependencies at heightened risk of exploitation or takeover. Use when assessing supply chain attack surface, evaluating dependency health, or scoping security engagements.

smack-policy-auditor

16
from plurigrid/asi

Analyzes SMACK policy files for correctness, label conflicts, and access control issues. Verifies mandatory access control rules.

performing-soc2-type2-audit-preparation

16
from plurigrid/asi

Automates SOC 2 Type II audit preparation including gap assessment against AICPA Trust Services Criteria (CC1-CC9), evidence collection from cloud providers and identity systems, control testing validation, remediation tracking, and continuous compliance monitoring. Covers all five TSC categories (Security, Availability, Processing Integrity, Confidentiality, Privacy) with automated evidence gathering from AWS, Azure, GCP, Okta, GitHub, and Jira. Use when preparing for or maintaining SOC 2 Type II certification.

performing-service-account-audit

16
from plurigrid/asi

Audit service accounts across enterprise infrastructure to identify orphaned, over-privileged, and non-compliant accounts. This skill covers discovery of service accounts in Active Directory, cloud pl