Dependency Auditor
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: dependency-auditor
Version: 2.1.1

The dependency-auditor skill bundle is a well-structured toolkit for software composition analysis, including vulnerability scanning, license compliance, and upgrade planning. The Python scripts (dep_scanner.py, license_checker.py, and upgrade_planner.py) operate locally using standard library modules to parse manifest files (e.g., package.json, requirements.txt) and compare them against internal mock databases. There is no evidence of data exfiltration, unauthorized network activity, or malicious prompt injection instructions in SKILL.md or README.md.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run on a broad directory, the generated report could include package names, versions, and local project paths from multiple projects.
The scanner recursively searches the user-supplied project path for supported dependency files. This is central to dependency auditing, but it means the tool can read dependency metadata across all matching subdirectories under the selected path.
    matching_files = list(project_path.rglob(file_pattern))
Run the tool only on the intended project directory and review generated reports before sharing them.
