Dependency Auditor
Pass
Audited by ClawScan on May 1, 2026.
Overview
The skill appears to be a purpose-aligned dependency auditing toolkit that reads project dependency files and produces local reports, with no evidence of hidden exfiltration, credential use, persistence, or destructive behavior.
This skill looks safe to use for local dependency auditing. Before installing or invoking it, make sure you run it only against the project you intend to inspect, and treat generated reports as potentially containing internal dependency and path information.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run on a broad directory, the generated report could include package names, versions, and local project paths from multiple projects.
The scanner recursively searches the user-supplied project path for supported dependency files. This is central to dependency auditing, but it means the tool can read dependency metadata across all matching subdirectories under the selected path.
matching_files = list(project_path.rglob(file_pattern))
Run the tool only on the intended project directory and review generated reports before sharing them.
