audit

Run dependency security audit using pip-audit. Use when checking for known vulnerabilities in project dependencies.

13 stars

Best use case

audit is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Run dependency security audit using pip-audit. Use when checking for known vulnerabilities in project dependencies.

Teams using audit should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/audit/SKILL.md --create-dirs "https://raw.githubusercontent.com/tae0y/python-project-template/main/.claude/skills/audit/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/audit/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How audit Compares

Feature / AgentauditStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Run dependency security audit using pip-audit. Use when checking for known vulnerabilities in project dependencies.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# Dependency Security Audit

Scan project dependencies for known security vulnerabilities.

## Execution

Run via pre-commit (preferred):

```bash
uv run pre-commit run pip-audit --hook-stage manual
```

Or directly:

```bash
uv run pip-audit --desc --require-hashes
```

## Output Format

Summarize results as:

```
## Dependency Security Audit

### Summary
- Packages scanned: [count]
- Vulnerabilities found: [count]

### Vulnerabilities
- [package] [version]
  - CVE: [CVE-ID]
  - Severity: [Critical/High/Medium/Low]
  - Description: [brief description]
  - Fix version: [version]

### Recommended Actions
- Upgrade immediately: [package list]
- Consider replacement: [package list]
```

Triage by severity:
- Critical/High → "Upgrade immediately"
- Medium → "Address in next update cycle"
- Low → "Monitor"

If no vulnerabilities: output `Dependency audit passed ✓` only.

## When to Run

| Trigger | Action |
|---------|--------|
| New external dependency added | Run immediately after `uv add` |
| Monthly cadence | Run and log result (even if clean) |
| Before major release | Run as part of release checklist |

## Execution Log

After each audit run, append a one-line entry to `localdocs/worklog.done.md`:

```
worklog done  audit YYYY-MM-DD — [N vulnerabilities / clean]
```

This creates a lightweight audit trail without a separate log file.

## Notes

- Detects known vulnerabilities in **installed packages** only
- For code-level security issues, use the `check` skill (bandit)
- Hook `check-external-lib-usage.sh` reminds you to run audit after new imports

Related Skills

worklog

13
from tae0y/python-project-template

Update worklog files by moving tasks between todo/doing/done states. Use when recording task progress, starting new work, or marking tasks complete. Requires explicit arguments: worklog [done|doing|todo] [description].

template-proposal-review

13
from tae0y/python-project-template

Review proposal files in localdocs/localdocs/proposals/ and decide whether to apply them to the upstream python-project-template repository. Use when evaluating proposals generated by template-upstream, deciding which ones to accept or reject, and applying accepted ones to the template repo. Triggers on: "proposal 검토", "제안 검토", "template에 반영할지", "proposals 리뷰", "upstream 반영 결정".

template-downstream

13
from tae0y/python-project-template

Update .claude/, .mcp.json, and .pre-commit-config.yaml from the upstream python-project-template repository into the current project. Only files that exist upstream are updated — project-only files are never deleted. Use when pulling latest tooling, rules, hooks, or skills from the canonical template into this project. Triggers on: "템플릿 최신화", "template sync", "upstream 반영", "template 업데이트".

template-broadcast

13
from tae0y/python-project-template

Apply template-downstream to all registered downstream projects in bulk, one project at a time. Use when you want to push the latest .claude/, .mcp.json, or .pre-commit-config.yaml to every project at once. Triggers on: "일괄 배포", "전체 프로젝트에 내려보내기", "모든 프로젝트 업데이트", "broadcast template", "bulk sync".

tdd

13
from tae0y/python-project-template

Test-Driven Development workflow. Use for ALL code changes - features, bug fixes, refactoring. TDD is non-negotiable.

sparks-create

13
from tae0y/python-project-template

Apply the 13 thinking tools from "Sparks of Genius" (생각의 탄생) to reframe any problem through creative, cross-disciplinary lenses. Use when conventional analysis falls short, when you need a fresh creative angle, or when the problem spans multiple domains.

skill-creator

13
from tae0y/python-project-template

Create new skills, modify and improve existing skills, and measure skill performance. Use when users want to create a skill from scratch, edit, or optimize an existing skill, run evals to test a skill, benchmark skill performance with variance analysis, or optimize a skill's description for better triggering accuracy.

rethink-unblock

13
from tae0y/python-project-template

Break out of a stuck approach by reframing a technical problem through structured thinking frameworks. Use when blocked, going in circles, or when a fresh perspective is needed on architecture, design, or debugging.

refactoring

13
from tae0y/python-project-template

Refactoring assessment and patterns. Use after tests pass (GREEN phase) to assess improvement opportunities.

python-mcp-expert

13
from tae0y/python-project-template

Expert assistant for developing Model Context Protocol (MCP) servers in Python. Use when creating, debugging, or optimizing MCP servers with FastMCP, tools, resources, and prompts.

python-conventions

13
from tae0y/python-project-template

Python coding conventions and guidelines including PEP 8, type hints, docstrings, and testing standards. Automatically applied when working with Python files.

prd

13
from tae0y/python-project-template

Generate high-quality Product Requirements Documents (PRDs) for software systems and AI-powered features. Includes executive summaries, user stories, technical specifications, and risk analysis.