security-dependency-scanning_skill

This skill guides you through web dependency security scans to identify outdated libraries, CVEs, and misconfigurations on deployed sites.

23

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill charlesjones-dev/claude-code-plugins-dev --skill security-dependency-scanning

  • SKILL.md32.1 KB

Overview

This skill guides comprehensive web dependency security scans to find outdated libraries, known CVEs, and insecure HTTP configurations on deployed websites. It focuses on client-side library detection, CMS/platform fingerprinting, HTTP security header auditing, version gap analysis, and prioritized remediation guidance. Use it to produce actionable findings and risk-scored recommendations for web applications without needing source code.

How this skill works

The scan fetches raw HTML and HTTP response headers using only WebFetch or curl to ensure complete header visibility. It parses script, link, and meta tags to detect libraries and versions, fingerprints CMS or platform indicators, looks up latest versions via Context7 where possible, and cross-references known vulnerabilities to assign CVSS-based severity and remediation priority. The output is a structured report with finding codes, impact analysis, and prioritized fixes.

When to use it

  • Assess a deployed website for outdated JavaScript/CSS dependencies
  • Audit HTTP security headers (CSP, HSTS, X-Frame-Options, etc.)
  • Detect CMS versions and known platform vulnerabilities (WordPress, Drupal, Umbraco, Sitecore)
  • Perform third-party or pre-acquisition technical due diligence
  • Evaluate client-side supply chain risk when source code is unavailable

Best practices

  • Always fetch raw HTTP responses with WebFetch or curl; browser automation will miss critical headers
  • Extract versions from CDN paths, filenames, meta tags, file content comments, and global JS/version objects
  • Prioritize findings by CVSS score, exploitability, and exposure surface; map to fix timelines (P0–P3)
  • Use nonce/hash-based CSPs and avoid 'unsafe-inline' or 'unsafe-eval' in script-src
  • Document inability to verify latest versions when Context7 resolution fails and recommend manual verification

Example use cases

  • Scan a marketing website to discover outdated jQuery and missing HSTS before a public campaign
  • Audit a WordPress site to list plugins, detect known CVEs, and recommend upgrades
  • Perform a quick dependency inventory on a competitor or acquisition target to assess technical debt and risk
  • Evaluate a single-page app bundle to detect third-party libraries (React, Lodash) and calculate version gaps
  • Verify security header posture for a high-traffic site and produce remediation steps for CSP, HSTS, and X-Frame-Options
Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational