What it does

Scans `package.json`/`package-lock.json`, `requirements.txt`/`Pipfile.lock`, `go.mod`/`go.sum`, `Gemfile.lock`, `Cargo.lock`, and `pyproject.toml` against OSV.dev (free,…

Use BEFORE `npm install`, BEFORE merging a PR that bumps deps, BEFORE shipping a release, or on a weekly cron.
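To make the lookup concrete, here is a sketch of how pinned `requirements.txt` entries map onto an OSV.dev batch query. It is an added example, not the skill's own code: the function names, the sample file and the sample response are constructed, and it covers only the `requirements.txt` case. Nothing is sent over the network, and entries without an exact pin are reported instead of being skipped silently.

```python
import re

OSV_BATCH_URL = "https://api.osv.dev/v1/querybatch"  # public OSV endpoint; not called here
PIN = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*==\s*([^\s;\\]+)")

def parse_requirements(text):
    """Return (pins, unpinned): exact name/version pairs, and lines that cannot be checked."""
    pins, unpinned = [], []
    for raw in text.splitlines():
        line = raw.split(" #")[0].strip()            # drop inline comments
        if not line or line.startswith(("#", "-")):  # comments and pip options (-r, --hash)
            continue
        m = PIN.match(line)
        if m and "*" not in m.group(2):
            name = re.sub(r"[-_.]+", "-", m.group(1)).lower()  # PEP 503 name normalisation
            pins.append((name, m.group(2)))
        else:
            unpinned.append(line)  # ranges such as >=2.0 have no single version to query
    return pins, unpinned

def build_batch(pins):
    """Request body for POST /v1/querybatch: one query per pinned package."""
    return {"queries": [{"package": {"name": n, "ecosystem": "PyPI"}, "version": v}
                        for n, v in pins]}

def match_results(pins, response):
    """Pair each pin with the advisory ids returned for it (results are positional)."""
    results = response.get("results")
    if not isinstance(results, list) or len(results) != len(pins):
        raise ValueError("OSV response does not cover every query; treat the scan as failed")
    return {f"{n}=={v}": [x["id"] for x in r.get("vulns", [])]
            for (n, v), r in zip(pins, results)}

# Constructed sample input and response (placeholder advisory id, not a real one).
SAMPLE = """\
# constructed sample, not from the page
Example_Pkg[extra]==1.2.3 ; python_version >= "3.8"
otherpkg==0.9 \\
    --hash=sha256:PLACEHOLDER
loosepkg>=2.0
-r base.txt
"""
SAMPLE_RESPONSE = {"results": [{"vulns": [{"id": "EXAMPLE-0000-0001"}]}, {}]}
```
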

How it arrives

You don't install skills one by one. ClevskillSetup installs the whole curated pack, wires the safety hooks, and verifies each skill actually runs on your machine. The weekly health scan re-checks it from then on, and repairs route through your approval.

Setup

No setup needed. It works as soon as the pack is installed; no accounts, no API keys, nothing leaves your machine.

Invoke it

In Claude Code or Claude Cowork, just ask in plain language; skills trigger on intent. Things people say that make this skill run:

you: scan dependencies
you: any known CVEs
you: check requirements.txt for vulns
claude: [dependency-vulnerability-scan runs, result returned with full audit log]

Part of the security suite: it runs automatically where it applies, fails closed on errors, and never sends your content anywhere.