Dependency Guard

Use when a task adds, upgrades, removes, or reviews software dependencies and the agent should apply a Socket-based supply-chain guardrail before changing manifests or lockfiles. Prefer MCP depscore when available, otherwise use the bundled Socket CLI helper. Stop and recommend an alternative or human review when risk signals are weak.

Install

openclaw skills install @tuthan/dependency-guard