Skill Detail

Dependency Audit and Security Analysis

This skill provides dependency audit and security analysis. It examines project dependencies for vulnerabilities and licensing issues.

GitHub:sickn33/antigravity-awesome-skills codebase-cleanup-deps-audit

version 094c1424d384

static analysis only

no human review yet

Use Caution

Current public label

Use Caution

Because the skill interacts with external network resources, it is labeled with caution. The documentation-heavy structure limits how much automated analysis can verify.

This label is currently coming from the automated scorecard.

Automated result

Use Caution

Driftloom found that this skill references external endpoints and makes outbound HTTP calls. The skill's structure is mostly documentation.

1 medium, 2 low Final label: use caution.

Human review

No human review has been recorded yet.

The current public label is still relying on automation. A human has not weighed in yet.

What happened

Driftloom completed a static scan. It inspected the skill files, recorded findings, and generated a scorecard.

Runtime evidence

No sandbox runtime result has been recorded yet.

What did not happen

Driftloom did not run this skill in an isolated sandbox yet.
This label is not a guarantee that the skill is safe, bug-free, or appropriate for every environment.
A good score does not replace human judgment when a skill touches secrets, shell access, or external systems.

Source provenance

Source: Workspace import

Originally ingested from a local workspace copy.

Scorecard

Safety

100

Quality

Transparency

Operational

Maintenance

1 medium, 2 low Final label: use caution.

Severity mix: 1 medium, 2 low

What Driftloom checked

Read the skill files and metadata to understand what the skill claims to do.
Looked for shell commands and risky command patterns, even if none stood out strongly.
Looked for external URLs, network calls, and signs the skill reaches outside the machine.
Looked for secrets and credential handling clues.
Checked whether the skill structure and references looked internally consistent.

Findings

Programmatic network client usage detected

network.client_code · transparency

Medium

The source appears to make outbound HTTP calls in code.

File: resources/implementation-playbook.md

Evidence: requests.

Documentation-only skill structure

structure.docs_only · quality

Low

The source looks almost entirely documentation-based, with no obvious code or config files to inspect. That does not make it bad, but it limits how much automation can meaningfully verify.

File: SKILL.md

Explicit external endpoint reference detected

network.url_reference · transparency

Low

The docs reference an external endpoint or network flow in a context that likely matters to how the skill operates.

File: resources/implementation-playbook.md

Evidence: https://registry.npmjs.org/-/npm/v1/security/advisories/bulk

Latest scan metadata

Run type	Static
Status	Completed
Runner	control-plane:heuristic-scan
Duration	1 ms
Completed	2026-03-26 18:28

Scan history

Static

Completed ·

Runner: control-plane:heuristic-scan · 1 ms

Versions

094c1424d384

2026-03-26 18:28

/tmp/antigravity-awesome-skills/skills/codebase-cleanup-deps-audit

Manual reviews

No manual reviews recorded yet.

Runtime artifacts

No runtime artifacts recorded.

All artifacts

source_bundle

/app/source_bundles/codebase-cleanup-deps-audit/094c1424d384.tar.gz

analysis_summary

heuristic://codebase-cleanup-deps-audit/None

source_snapshot

/tmp/antigravity-awesome-skills/skills/codebase-cleanup-deps-audit

More from GitHub:sickn33/antigravity-awesome-skills

007 — Licenca para Auditar

007

High Risk

2D Game Development

game-development

Trusted

3D Game Development

game-development

Trusted

3D Web Experience

3d-web-experience

Trusted

A/B Test Setup

ab-test-setup

Trusted

Acceptance Orchestrator

acceptance-orchestrator

Trusted

See more from this publisher →