ClaudeWave
Slash Command · 260 repo stars · updated 16d ago

plugin-audit

The plugin-audit command systematically scans a project's installed dependencies across multiple package managers, extension platforms, and workflow systems to identify security vulnerabilities, maintenance risks, and supply chain threats. Use this command when onboarding new projects, preparing for production deployments, or conducting routine security reviews to generate a prioritized risk report with remediation recommendations for each flagged dependency.

Install in Claude Code
mkdir -p ~/.claude/commands && curl -fsSL https://raw.githubusercontent.com/borghei/Claude-Skills/HEAD/.claude/commands/plugin-audit.md -o ~/.claude/commands/plugin-audit.md
Then open a new Claude Code session; the slash command loads automatically.

plugin-audit.md

Audit project plugins and extensions:

1. **Discover installed plugins/dependencies:**
   - npm packages (package.json)
   - Python packages (requirements.txt, pyproject.toml, Pipfile)
   - VS Code extensions (.vscode/extensions.json)
   - Browser extensions referenced in code
   - GitHub Actions used in workflows
   - MCP servers configured
2. **Security check per dependency:**
   - Known CVEs (check against advisory databases)
   - Last published date (flag if > 1 year ago — possibly unmaintained)
   - Download count / popularity (flag low-adoption packages)
   - Permission scope (what does it access?)
   - Maintainer count (single-maintainer risk)
3. **Version health:**
   - How many major versions behind latest?
   - Are there breaking changes in available updates?
   - Is the package deprecated?
4. **License audit:**
   - Identify all license types
   - Flag copyleft licenses (GPL) in proprietary projects
   - Flag missing licenses (unknown risk)
5. **Supply chain risk:**
   - Packages with install scripts (postinstall hooks)
   - Packages with native bindings
   - Transitive dependency count (flag if > 100)
6. **Output** a risk-scored audit report with: package name, version, risk level (high/medium/low), specific concerns, and recommended action (update/replace/remove/accept).
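The checklist above is written for a Claude Code agent, but the same scoring can be done deterministically. The following is an added example, not code from the Claude-Skills repository: it applies steps 2 through 6 to the npm dependencies of a constructed package.json, using a constructed registry snapshot in place of the live npm registry and advisory lookups (the package names, advisory id, download counts and dates are all invented). The weights, the one-year and 100-transitive thresholds, and the update/replace/accept rules are this example's choices; "remove" is left as a human decision, since deciding that a package is not needed at all requires knowing the code that uses it.

```python
# Added example (not part of the borghei/Claude-Skills repository): an offline
# risk scorer that applies the plugin-audit checklist to npm dependencies.
# Registry/advisory data is normally fetched live; here it is a CONSTRUCTED snapshot.
from dataclasses import dataclass, field
from datetime import date
import json

# Constructed package.json for a hypothetical proprietary (private) project.
PACKAGE_JSON = json.loads("""{
  "name": "example-app", "private": true,
  "dependencies": {"left-widget": "^1.2.0", "fast-hash": "^3.0.1", "tiny-log": "^0.4.2"}
}""")

# Constructed registry snapshot keyed by package name; every value is invented.
REGISTRY = {
    "left-widget": {"latest": "3.0.0", "last_published": "2021-06-01", "weekly_downloads": 300,
                    "maintainers": ["solo-dev"], "license": "GPL-3.0-only",
                    "scripts": {"postinstall": "node dl.js"}, "native": False,
                    "deprecated": False, "cves": [], "transitive": 140},
    "fast-hash": {"latest": "3.0.1", "last_published": "2024-11-20", "weekly_downloads": 2_000_000,
                  "maintainers": ["a", "b", "c"], "license": "MIT", "scripts": {}, "native": True,
                  "deprecated": False, "cves": ["CVE-EXAMPLE-0001"], "transitive": 4},
    "tiny-log": {"latest": "0.4.2", "last_published": "2024-01-15", "weekly_downloads": 50_000,
                 "maintainers": ["x", "y"], "license": None, "scripts": {}, "native": False,
                 "deprecated": False, "cves": [], "transitive": 0},
}

# Strong-copyleft SPDX ids that the checklist wants flagged in proprietary projects.
COPYLEFT = {"GPL-2.0", "GPL-3.0", "AGPL-3.0", "GPL-2.0-only", "GPL-3.0-only", "AGPL-3.0-only"}


@dataclass
class Finding:
    package: str
    version: str
    score: int = 0
    concerns: list = field(default_factory=list)

    @property
    def risk(self):
        # Thresholds are this example's choice, not the checklist's.
        return "high" if self.score >= 5 else "medium" if self.score >= 2 else "low"


def _major(spec):
    """Major version of a semver spec such as '^1.2.0' (ranges beyond prefixes are not handled)."""
    return int(spec.lstrip("^~>=<").split(".")[0])


def assess(name, spec, meta, today, proprietary=True):
    """Score one dependency against checklist steps 2 to 5; weights are illustrative."""
    f = Finding(name, spec)

    def flag(weight, text):
        f.score += weight
        f.concerns.append(text)

    if meta["cves"]:
        flag(5, "known advisories: " + ", ".join(meta["cves"]))
    if meta["scripts"]:  # install hooks run arbitrary code on `npm install`
        flag(3, "install scripts: " + ", ".join(meta["scripts"]))
    if meta["deprecated"]:
        flag(3, "deprecated upstream")
    if (today - date.fromisoformat(meta["last_published"])).days > 365:
        flag(2, "no release in over a year (possibly unmaintained)")
    if len(meta["maintainers"]) == 1:
        flag(2, "single maintainer")
    if meta["weekly_downloads"] < 1000:
        flag(2, "low adoption")
    behind = _major(meta["latest"]) - _major(spec)
    if behind > 0:
        flag(min(behind, 3), f"{behind} major version(s) behind latest")
    if meta["license"] is None:
        flag(2, "no license declared (unknown risk)")
    elif proprietary and meta["license"] in COPYLEFT:
        flag(3, f"copyleft license {meta['license']} in proprietary project")
    if meta["native"]:
        flag(1, "native bindings (compiled code)")
    if meta["transitive"] > 100:
        flag(2, f"{meta['transitive']} transitive dependencies")
    return f


def recommend(f, meta, proprietary=True):
    """Map a finding to the checklist's action vocabulary (remove is left to a human)."""
    if meta["deprecated"] or (proprietary and meta["license"] in COPYLEFT):
        return "replace"
    if meta["cves"]:
        return "update"
    if f.risk == "high":  # concerns such as install scripts are not fixed by updating
        return "replace"
    if _major(meta["latest"]) > _major(f.version):
        return "update"
    return "accept"


def audit(package_json, registry, today="2025-06-01"):
    """Step 6: risk-scored report rows, highest risk first."""
    today = date.fromisoformat(today)
    proprietary = bool(package_json.get("private"))
    rows = []
    for name, spec in package_json.get("dependencies", {}).items():
        meta = registry[name]
        f = assess(name, spec, meta, today, proprietary)
        rows.append({"package": name, "version": spec, "risk": f.risk, "score": f.score,
                     "concerns": f.concerns, "action": recommend(f, meta, proprietary)})
    return sorted(rows, key=lambda r: r["score"], reverse=True)


if __name__ == "__main__":
    for row in audit(PACKAGE_JSON, REGISTRY):
        print(f"{row['risk']:6} {row['package']:12} {row['action']:8} {'; '.join(row['concerns'])}")
```

In a real run the REGISTRY dict would be filled from the registry's package metadata and an advisory database, and the same `assess` logic extends to the other ecosystems in step 1 once their metadata is normalised to the same fields.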