Dependency Auditor
Review Go module dependency trees (direct and indirect) for risky versions, bloat, and supply-chain hygiene before release.
Install
npx skills add https://github.com/alirezarezvani/claude-skills --skill dependency-auditorWhat is this skill?
- Audits Go `go.mod` require blocks including indirect dependency chains
- Surfaces common stacks: Gin, GORM, Redis, JWT, Zap, and crypto libraries from exemplar modules
- Supports reasoning about version pins and transitive bloat in microservice-style Go 1.20+ projects
- Intended for agent-led review when dependency files change in PRs or before deploy
- Pairs with backend Go services using Postgres, WebSockets, and YAML config patterns
Adoption & trust: 547 installs on skills.sh; 17.5k GitHub stars; 3/3 security scanners passed (skills.sh audits).
Recommended Skills
Azure Compliancemicrosoft/azure-skills
Openclaw Secure Linux Cloudxixu-me/skills
Entra Agent Idmicrosoft/azure-skills
Firebase Security Rules Auditorfirebase/agent-skills
Firestore Security Rules Auditorfirebase/agent-skills
Skill Vetteruseai-pro/openclaw-skills-security
Journey fit
Canonical shelf is Ship → security because the skill’s purpose is pre-release dependency scrutiny, though the same audit applies whenever you change go.mod during Build or Operate. Subphase security fits CVE-oriented and supply-chain review of require blocks rather than feature implementation or test authoring.
Common Questions / FAQ
Is Dependency Auditor safe to install?
skills.sh reports 3 of 3 security scanners passed. Review the Security Audits panel on this page before installing in production.
SKILL.md
READMESKILL.md - Dependency Auditor
module github.com/example/sample-go-service go 1.20 require ( github.com/gin-gonic/gin v1.9.1 github.com/go-redis/redis/v8 v8.11.5 github.com/golang-jwt/jwt/v4 v4.5.0 github.com/gorilla/mux v1.8.0 github.com/gorilla/websocket v1.5.0 github.com/lib/pq v1.10.9 github.com/stretchr/testify v1.8.2 go.uber.org/zap v1.24.0 golang.org/x/crypto v0.9.0 gopkg.in/yaml.v3 v3.0.1 gorm.io/driver/postgres v1.5.0 gorm.io/gorm v1.25.1 ) require ( github.com/bytedance/sonic v1.8.8 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect github.com/gabriel-vasile/mimetype v1.4.2 // indirect github.com/gin-contrib/sse v0.1.0 // indirect github.com/go-playground/locales v0.14.1 // indirect github.com/go-playground/universal-translator v0.18.1 // indirect github.com/go-playground/validator/v10 v10.13.0 // indirect github.com/goccy/go-json v0.10.2 // indirect github.com/jackc/pgpassfile v1.0.0 // indirect github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a // indirect github.com/jackc/pgx/v5 v5.3.1 // indirect github.com/jinzhu/inflection v1.0.0 // indirect github.com/jinzhu/now v1.1.5 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/klauspost/cpuid/v2 v2.2.4 // indirect github.com/leodido/go-urn v1.2.4 // indirect github.com/mattn/go-isatty v0.0.18 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/pelletier/go-toml/v2 v2.0.7 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/twitchyliquid64/golang-asm v0.15.1 // indirect github.com/ugorji/go/codec v1.2.11 // indirect go.uber.org/atomic v1.11.0 // indirect go.uber.org/multierr v1.11.0 // indirect golang.org/x/arch v0.3.0 // indirect golang.org/x/net v0.10.0 // indirect golang.org/x/sys v0.8.0 // indirect golang.org/x/text v0.9.0 // indirect ) { "name": "sample-web-app", "version": "1.2.3", "description": "A sample web application with various dependencies for testing dependency auditing", "main": "index.js", "scripts": { "start": "node index.js", "dev": "nodemon index.js", "build": "webpack --mode production", "test": "jest", "lint": "eslint src/", "audit": "npm audit" }, "keywords": ["web", "app", "sample", "dependency", "audit"], "author": "Claude Skills Team", "license": "MIT", "dependencies": { "express": "4.18.1", "lodash": "4.17.20", "axios": "1.5.0", "jsonwebtoken": "8.5.1", "bcrypt": "5.1.0", "mongoose": "6.10.0", "cors": "2.8.5", "helmet": "6.1.5", "winston": "3.8.2", "dotenv": "16.0.3", "express-rate-limit": "6.7.0", "multer": "1.4.5-lts.1", "sharp": "0.32.1", "nodemailer": "6.9.1", "socket.io": "4.6.1", "redis": "4.6.5", "moment": "2.29.4", "chalk": "4.1.2", "commander": "9.4.1" }, "devDependencies": { "nodemon": "2.0.22", "jest": "29.5.0", "supertest": "6.3.3", "eslint": "8.40.0", "eslint-config-airbnb-base": "15.0.0", "eslint-plugin-import": "2.27.5", "webpack": "5.82.1", "webpack-cli": "5.1.1", "babel-loader": "9.1.2", "@babel/core": "7.22.1", "@babel/preset-env": "7.22.2", "css-loader": "6.7.4", "style-loader": "3.3.3", "html-webpack-plugin": "5.5.1", "mini-css-extract-plugin": "2.7.6", "postcss": "8.4.23", "postcss-loader": "7.3.0", "autoprefixer": "10.4.14", "cross-env": "7.0.3", "rimraf": "5.0.1" }, "engines": { "node": ">=16.0.0", "npm": ">=8.0.0" }, "repository": { "type": "git", "url": "https://github.com/example/sample-web-app.git" }, "bugs": { "url": "https://github.com/example/sample-web-app/issues" }, "homepage": "https://github.com/exa