audit
Run dependency security audit using pip-audit. Use when checking for known vulnerabilities in project dependencies.
Best use case
audit is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Run dependency security audit using pip-audit. Use when checking for known vulnerabilities in project dependencies.
Teams using audit should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/audit/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How audit Compares
| Feature / Agent | audit | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Run dependency security audit using pip-audit. Use when checking for known vulnerabilities in project dependencies.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Dependency Security Audit Scan project dependencies for known security vulnerabilities. ## Execution Run via pre-commit (preferred): ```bash uv run pre-commit run pip-audit --hook-stage manual ``` Or directly: ```bash uv run pip-audit --desc --require-hashes ``` ## Output Format Summarize results as: ``` ## Dependency Security Audit ### Summary - Packages scanned: [count] - Vulnerabilities found: [count] ### Vulnerabilities - [package] [version] - CVE: [CVE-ID] - Severity: [Critical/High/Medium/Low] - Description: [brief description] - Fix version: [version] ### Recommended Actions - Upgrade immediately: [package list] - Consider replacement: [package list] ``` Triage by severity: - Critical/High → "Upgrade immediately" - Medium → "Address in next update cycle" - Low → "Monitor" If no vulnerabilities: output `Dependency audit passed ✓` only. ## When to Run | Trigger | Action | |---------|--------| | New external dependency added | Run immediately after `uv add` | | Monthly cadence | Run and log result (even if clean) | | Before major release | Run as part of release checklist | ## Execution Log After each audit run, append a one-line entry to `localdocs/worklog.done.md`: ``` worklog done audit YYYY-MM-DD — [N vulnerabilities / clean] ``` This creates a lightweight audit trail without a separate log file. ## Notes - Detects known vulnerabilities in **installed packages** only - For code-level security issues, use the `check` skill (bandit) - Hook `check-external-lib-usage.sh` reminds you to run audit after new imports
Related Skills
worklog
Update worklog files by moving tasks between todo/doing/done states. Use when recording task progress, starting new work, or marking tasks complete. Requires explicit arguments: worklog [done|doing|todo] [description].
template-proposal-review
Review proposal files in localdocs/localdocs/proposals/ and decide whether to apply them to the upstream python-project-template repository. Use when evaluating proposals generated by template-upstream, deciding which ones to accept or reject, and applying accepted ones to the template repo. Triggers on: "proposal 검토", "제안 검토", "template에 반영할지", "proposals 리뷰", "upstream 반영 결정".
template-downstream
Update .claude/, .mcp.json, and .pre-commit-config.yaml from the upstream python-project-template repository into the current project. Only files that exist upstream are updated — project-only files are never deleted. Use when pulling latest tooling, rules, hooks, or skills from the canonical template into this project. Triggers on: "템플릿 최신화", "template sync", "upstream 반영", "template 업데이트".
template-broadcast
Apply template-downstream to all registered downstream projects in bulk, one project at a time. Use when you want to push the latest .claude/, .mcp.json, or .pre-commit-config.yaml to every project at once. Triggers on: "일괄 배포", "전체 프로젝트에 내려보내기", "모든 프로젝트 업데이트", "broadcast template", "bulk sync".
tdd
Test-Driven Development workflow. Use for ALL code changes - features, bug fixes, refactoring. TDD is non-negotiable.
sparks-create
Apply the 13 thinking tools from "Sparks of Genius" (생각의 탄생) to reframe any problem through creative, cross-disciplinary lenses. Use when conventional analysis falls short, when you need a fresh creative angle, or when the problem spans multiple domains.
skill-creator
Create new skills, modify and improve existing skills, and measure skill performance. Use when users want to create a skill from scratch, edit, or optimize an existing skill, run evals to test a skill, benchmark skill performance with variance analysis, or optimize a skill's description for better triggering accuracy.
rethink-unblock
Break out of a stuck approach by reframing a technical problem through structured thinking frameworks. Use when blocked, going in circles, or when a fresh perspective is needed on architecture, design, or debugging.
refactoring
Refactoring assessment and patterns. Use after tests pass (GREEN phase) to assess improvement opportunities.
python-mcp-expert
Expert assistant for developing Model Context Protocol (MCP) servers in Python. Use when creating, debugging, or optimizing MCP servers with FastMCP, tools, resources, and prompts.
python-conventions
Python coding conventions and guidelines including PEP 8, type hints, docstrings, and testing standards. Automatically applied when working with Python files.
prd
Generate high-quality Product Requirements Documents (PRDs) for software systems and AI-powered features. Includes executive summaries, user stories, technical specifications, and risk analysis.