Xpersona
Claim this agent
Agent DossierCLAWHUBSafety 84/100

Xpersona Agent

dependency-auditor

Dependency Auditor Dependency Auditor **Skill Type:** POWERFUL **Category:** Engineering **Domain:** Dependency Management & Security Overview The **Dependency Auditor** is a comprehensive toolkit for analyzing, auditing, and managing dependencies across multi-language software projects. This skill provides deep visibility into your project's dependency ecosystem, enabling teams to identify vulnerabilities, ensure license compliance, o

OpenClaw · self-declared
Trust evidence available
View on ClawHub
clawhub skill install skills:alirezarezvani:dependency-auditor

Overall rank

#62

Adoption

No public adoption signal

Trust

Unknown

Freshness

Feb 25, 2026

Freshness

Last checked Feb 25, 2026

Best For

dependency-auditor is best for introduce, python, project workflows where OpenClaw compatibility matters.

Not Ideal For

Contract metadata is missing or unavailable for deterministic execution.

Evidence Sources Checked

editorial-content, CLAWHUB, runtime-metrics, public facts pack

OverviewEvidence & TimelineArtifacts & DocsAPI & ReliabilityMedia & RelatedMachine Appendix

Overview

Key links, install path, reliability highlights, and the shortest practical read before diving into the crawl record.

Verifiededitorial-content

Overview

Executive Summary

Dependency Auditor Dependency Auditor **Skill Type:** POWERFUL **Category:** Engineering **Domain:** Dependency Management & Security Overview The **Dependency Auditor** is a comprehensive toolkit for analyzing, auditing, and managing dependencies across multi-language software projects. This skill provides deep visibility into your project's dependency ecosystem, enabling teams to identify vulnerabilities, ensure license compliance, o Capability contract not published. No trust telemetry is available yet. Last updated 4/15/2026.

No verified compatibility signals

Trust score

Unknown

Compatibility

OpenClaw

Freshness

Feb 25, 2026

Vendor

Openclaw

Artifacts

0

Benchmarks

0

Last release

Unpublished

Install & run

Setup Snapshot

clawhub skill install skills:alirezarezvani:dependency-auditor
  1. 1

    Setup complexity is LOW. This package is likely designed for quick installation with minimal external side-effects.

  2. 2

    Final validation: Expose the agent to a mock request payload inside a sandbox and trace the network egress before allowing access to real customer data.

Evidence & Timeline

Public facts grouped by evidence type, plus release and crawl events with provenance and freshness.

Verifiededitorial-content

Public facts

Evidence Ledger

Vendor (1)

Vendor

Openclaw

profilemedium
Observed Apr 15, 2026Source linkProvenance
Compatibility (1)

Protocol compatibility

OpenClaw

contractmedium
Observed Apr 15, 2026Source linkProvenance
Security (1)

Handshake status

UNKNOWN

trustmedium
Observed unknownSource linkProvenance
Integration (1)

Crawlable docs

6 indexed pages on the official domain

search_documentmedium
Observed Apr 15, 2026Source linkProvenance

Events

Release & Crawl Timeline

Docs Update

Docs refreshed: Sign in to GitHub · GitHub

search_documentmedium

Fresh crawlable documentation was indexed for the official domain.

Observed Apr 15, 2026

Artifacts & Docs

Parameters, dependencies, examples, extracted files, editorial overview, and the complete README when available.

Self-declaredCLAWHUB

Captured outputs

Artifacts Archive

Extracted files

0

Examples

4

Snippets

0

Languages

typescript

Parameters

Executable Examples

bash

# Security gate in CI
python dep_scanner.py /project --format json --fail-on-high
python license_checker.py /project --policy strict --format json

bash

# Weekly dependency audit
./audit_dependencies.sh > weekly_report.html
python upgrade_planner.py deps.json --timeline 30days

bash

# Pre-commit dependency check
python dep_scanner.py . --quick-scan
python license_checker.py . --warn-conflicts

bash

# Scan project for vulnerabilities and licenses
python scripts/dep_scanner.py /path/to/project

# Check license compliance
python scripts/license_checker.py /path/to/project --policy strict

# Plan dependency upgrades
python scripts/upgrade_planner.py deps.json --risk-threshold medium

Editorial read

Docs & README

Docs source

CLAWHUB

Editorial quality

ready

Dependency Auditor Dependency Auditor **Skill Type:** POWERFUL **Category:** Engineering **Domain:** Dependency Management & Security Overview The **Dependency Auditor** is a comprehensive toolkit for analyzing, auditing, and managing dependencies across multi-language software projects. This skill provides deep visibility into your project's dependency ecosystem, enabling teams to identify vulnerabilities, ensure license compliance, o

Full README

Dependency Auditor

Skill Type: POWERFUL
Category: Engineering
Domain: Dependency Management & Security

Overview

The Dependency Auditor is a comprehensive toolkit for analyzing, auditing, and managing dependencies across multi-language software projects. This skill provides deep visibility into your project's dependency ecosystem, enabling teams to identify vulnerabilities, ensure license compliance, optimize dependency trees, and plan safe upgrades.

In modern software development, dependencies form complex webs that can introduce significant security, legal, and maintenance risks. A single project might have hundreds of direct and transitive dependencies, each potentially introducing vulnerabilities, license conflicts, or maintenance burden. This skill addresses these challenges through automated analysis and actionable recommendations.

Core Capabilities

1. Vulnerability Scanning & CVE Matching

Comprehensive Security Analysis

  • Scans dependencies against built-in vulnerability databases
  • Matches Common Vulnerabilities and Exposures (CVE) patterns
  • Identifies known security issues across multiple ecosystems
  • Analyzes transitive dependency vulnerabilities
  • Provides CVSS scores and exploit assessments
  • Tracks vulnerability disclosure timelines
  • Maps vulnerabilities to dependency paths

Multi-Language Support

  • JavaScript/Node.js: package.json, package-lock.json, yarn.lock
  • Python: requirements.txt, pyproject.toml, Pipfile.lock, poetry.lock
  • Go: go.mod, go.sum
  • Rust: Cargo.toml, Cargo.lock
  • Ruby: Gemfile, Gemfile.lock
  • Java/Maven: pom.xml, gradle.lockfile
  • PHP: composer.json, composer.lock
  • C#/.NET: packages.config, project.assets.json

2. License Compliance & Legal Risk Assessment

License Classification System

  • Permissive Licenses: MIT, Apache 2.0, BSD (2-clause, 3-clause), ISC
  • Copyleft (Strong): GPL (v2, v3), AGPL (v3)
  • Copyleft (Weak): LGPL (v2.1, v3), MPL (v2.0)
  • Proprietary: Commercial, custom, or restrictive licenses
  • Dual Licensed: Multi-license scenarios and compatibility
  • Unknown/Ambiguous: Missing or unclear licensing

Conflict Detection

  • Identifies incompatible license combinations
  • Warns about GPL contamination in permissive projects
  • Analyzes license inheritance through dependency chains
  • Provides compliance recommendations for distribution
  • Generates legal risk matrices for decision-making

3. Outdated Dependency Detection

Version Analysis

  • Identifies dependencies with available updates
  • Categorizes updates by severity (patch, minor, major)
  • Detects pinned versions that may be outdated
  • Analyzes semantic versioning patterns
  • Identifies floating version specifiers
  • Tracks release frequencies and maintenance status

Maintenance Status Assessment

  • Identifies abandoned or unmaintained packages
  • Analyzes commit frequency and contributor activity
  • Tracks last release dates and security patch availability
  • Identifies packages with known end-of-life dates
  • Assesses upstream maintenance quality

4. Dependency Bloat Analysis

Unused Dependency Detection

  • Identifies dependencies that aren't actually imported/used
  • Analyzes import statements and usage patterns
  • Detects redundant dependencies with overlapping functionality
  • Identifies oversized packages for simple use cases
  • Maps actual vs. declared dependency usage

Redundancy Analysis

  • Identifies multiple packages providing similar functionality
  • Detects version conflicts in transitive dependencies
  • Analyzes bundle size impact of dependencies
  • Identifies opportunities for dependency consolidation
  • Maps dependency overlap and duplication

5. Upgrade Path Planning & Breaking Change Risk

Semantic Versioning Analysis

  • Analyzes semver patterns to predict breaking changes
  • Identifies safe upgrade paths (patch/minor versions)
  • Flags major version updates requiring attention
  • Tracks breaking changes across dependency updates
  • Provides rollback strategies for failed upgrades

Risk Assessment Matrix

  • Low Risk: Patch updates, security fixes
  • Medium Risk: Minor updates with new features
  • High Risk: Major version updates, API changes
  • Critical Risk: Dependencies with known breaking changes

Upgrade Prioritization

  • Security patches: Highest priority
  • Bug fixes: High priority
  • Feature updates: Medium priority
  • Major rewrites: Planned priority
  • Deprecated features: Immediate attention

6. Supply Chain Security

Dependency Provenance

  • Verifies package signatures and checksums
  • Analyzes package download sources and mirrors
  • Identifies suspicious or compromised packages
  • Tracks package ownership changes and maintainer shifts
  • Detects typosquatting and malicious packages

Transitive Risk Analysis

  • Maps complete dependency trees
  • Identifies high-risk transitive dependencies
  • Analyzes dependency depth and complexity
  • Tracks influence of indirect dependencies
  • Provides supply chain risk scoring

7. Lockfile Analysis & Deterministic Builds

Lockfile Validation

  • Ensures lockfiles are up-to-date with manifests
  • Validates integrity hashes and version consistency
  • Identifies drift between environments
  • Analyzes lockfile conflicts and resolution strategies
  • Ensures deterministic, reproducible builds

Environment Consistency

  • Compares dependencies across environments (dev/staging/prod)
  • Identifies version mismatches between team members
  • Validates CI/CD environment consistency
  • Tracks dependency resolution differences

Technical Architecture

Scanner Engine (dep_scanner.py)

  • Multi-format parser supporting 8+ package ecosystems
  • Built-in vulnerability database with 500+ CVE patterns
  • Transitive dependency resolution from lockfiles
  • JSON and human-readable output formats
  • Configurable scanning depth and exclusion patterns

License Analyzer (license_checker.py)

  • License detection from package metadata and files
  • Compatibility matrix with 20+ license types
  • Conflict detection engine with remediation suggestions
  • Risk scoring based on distribution and usage context
  • Export capabilities for legal review

Upgrade Planner (upgrade_planner.py)

  • Semantic version analysis with breaking change prediction
  • Dependency ordering based on risk and interdependence
  • Migration checklists with testing recommendations
  • Rollback procedures for failed upgrades
  • Timeline estimation for upgrade cycles

Use Cases & Applications

Security Teams

  • Vulnerability Management: Continuous scanning for security issues
  • Incident Response: Rapid assessment of vulnerable dependencies
  • Supply Chain Monitoring: Tracking third-party security posture
  • Compliance Reporting: Automated security compliance documentation

Legal & Compliance Teams

  • License Auditing: Comprehensive license compliance verification
  • Risk Assessment: Legal risk analysis for software distribution
  • Due Diligence: Dependency licensing for M&A activities
  • Policy Enforcement: Automated license policy compliance

Development Teams

  • Dependency Hygiene: Regular cleanup of unused dependencies
  • Upgrade Planning: Strategic dependency update scheduling
  • Performance Optimization: Bundle size optimization through dep analysis
  • Technical Debt: Identifying and prioritizing dependency technical debt

DevOps & Platform Teams

  • Build Optimization: Faster builds through dependency optimization
  • Security Automation: Automated vulnerability scanning in CI/CD
  • Environment Consistency: Ensuring consistent dependencies across environments
  • Release Management: Dependency-aware release planning

Integration Patterns

CI/CD Pipeline Integration

# Security gate in CI
python dep_scanner.py /project --format json --fail-on-high
python license_checker.py /project --policy strict --format json

Scheduled Audits

# Weekly dependency audit
./audit_dependencies.sh > weekly_report.html
python upgrade_planner.py deps.json --timeline 30days

Development Workflow

# Pre-commit dependency check
python dep_scanner.py . --quick-scan
python license_checker.py . --warn-conflicts

Advanced Features

Custom Vulnerability Databases

  • Support for internal/proprietary vulnerability feeds
  • Custom CVE pattern definitions
  • Organization-specific risk scoring
  • Integration with enterprise security tools

Policy-Based Scanning

  • Configurable license policies by project type
  • Custom risk thresholds and escalation rules
  • Automated policy enforcement and notifications
  • Exception management for approved violations

Reporting & Dashboards

  • Executive summaries for management
  • Technical reports for development teams
  • Trend analysis and dependency health metrics
  • Integration with project management tools

Multi-Project Analysis

  • Portfolio-level dependency analysis
  • Shared dependency impact analysis
  • Organization-wide license compliance
  • Cross-project vulnerability propagation

Best Practices

Scanning Frequency

  • Security Scans: Daily or on every commit
  • License Audits: Weekly or monthly
  • Upgrade Planning: Monthly or quarterly
  • Full Dependency Audit: Quarterly

Risk Management

  1. Prioritize Security: Address high/critical CVEs immediately
  2. License First: Ensure compliance before functionality
  3. Gradual Updates: Incremental dependency updates
  4. Test Thoroughly: Comprehensive testing after updates
  5. Monitor Continuously: Automated monitoring and alerting

Team Workflows

  1. Security Champions: Designate dependency security owners
  2. Review Process: Mandatory review for new dependencies
  3. Update Cycles: Regular, scheduled dependency updates
  4. Documentation: Maintain dependency rationale and decisions
  5. Training: Regular team education on dependency security

Metrics & KPIs

Security Metrics

  • Mean Time to Patch (MTTP) for vulnerabilities
  • Number of high/critical vulnerabilities
  • Percentage of dependencies with known vulnerabilities
  • Security debt accumulation rate

Compliance Metrics

  • License compliance percentage
  • Number of license conflicts
  • Time to resolve compliance issues
  • Policy violation frequency

Maintenance Metrics

  • Percentage of up-to-date dependencies
  • Average dependency age
  • Number of abandoned dependencies
  • Upgrade success rate

Efficiency Metrics

  • Bundle size reduction percentage
  • Unused dependency elimination rate
  • Build time improvement
  • Developer productivity impact

Troubleshooting Guide

Common Issues

  1. False Positives: Tuning vulnerability detection sensitivity
  2. License Ambiguity: Resolving unclear or multiple licenses
  3. Breaking Changes: Managing major version upgrades
  4. Performance Impact: Optimizing scanning for large codebases

Resolution Strategies

  • Whitelist false positives with documentation
  • Contact maintainers for license clarification
  • Implement feature flags for risky upgrades
  • Use incremental scanning for large projects

Future Enhancements

Planned Features

  • Machine learning for vulnerability prediction
  • Automated dependency update pull requests
  • Integration with container image scanning
  • Real-time dependency monitoring dashboards
  • Natural language policy definition

Ecosystem Expansion

  • Additional language support (Swift, Kotlin, Dart)
  • Container and infrastructure dependencies
  • Development tool and build system dependencies
  • Cloud service and SaaS dependency tracking

Quick Start

# Scan project for vulnerabilities and licenses
python scripts/dep_scanner.py /path/to/project

# Check license compliance
python scripts/license_checker.py /path/to/project --policy strict

# Plan dependency upgrades
python scripts/upgrade_planner.py deps.json --risk-threshold medium

For detailed usage instructions, see README.md.

This skill provides comprehensive dependency management capabilities essential for maintaining secure, compliant, and efficient software projects. Regular use helps teams stay ahead of security threats, maintain legal compliance, and optimize their dependency ecosystems.

API & Reliability

Machine endpoints, contract coverage, trust signals, runtime metrics, benchmarks, and guardrails for agent-to-agent use.

MissingCLAWHUB

Machine interfaces

Contract & API

Endpoints

Dossier APISnapshot APIContract APITrust API

Contract coverage

Status

missing

Auth

None

Streaming

No

Data region

Unspecified

Protocol support

OpenClaw: self-declared

Requires: none

Forbidden: none

Guardrails

Operational confidence: low

No positive guardrails captured.
Invocation examples
curl -s "https://xpersona.co/api/v1/agents/clawhub-skills-alirezarezvani-dependency-auditor/snapshot"
curl -s "https://xpersona.co/api/v1/agents/clawhub-skills-alirezarezvani-dependency-auditor/contract"
curl -s "https://xpersona.co/api/v1/agents/clawhub-skills-alirezarezvani-dependency-auditor/trust"

Operational fit

Reliability & Benchmarks

Trust signals

Handshake

UNKNOWN

Confidence

unknown

Attempts 30d

unknown

Fallback rate

unknown

Runtime metrics

Observed P50

unknown

Observed P95

unknown

Rate limit

unknown

Estimated cost

unknown

Do not use if

Contract metadata is missing or unavailable for deterministic execution.
No benchmark suites or observed failure patterns are available.

Media & Related

Public screenshots, demo and owner links, plus neighboring agents from the same ecosystem for shortlist building.

Missingno-media

Visual context

Media & Demo

No screenshots, media assets, or demo links are available.

Comparison set

Related Agents

GITHUB_REPOSactivepieces

Rank

70

AI Agents & MCPs & AI Workflow Automation • (~400 MCP servers for AI agents) • AI Automation / AI Agent with MCPs • AI Workflows & AI Agents • MCPs for AI Agents

Traction

No public download signal

Freshness

Updated 2d ago

OPENCLAW
GITHUB_REPOScherry-studio

Rank

70

AI productivity studio with smart chat, autonomous agents, and 300+ assistants. Unified access to frontier LLMs

Traction

No public download signal

Freshness

Updated 5d ago

MCPOPENCLAW
GITHUB_REPOSAionUi

Rank

70

Free, local, open-source 24/7 Cowork app and OpenClaw for Gemini CLI, Claude Code, Codex, OpenCode, Qwen Code, Goose CLI, Auggie, and more | 🌟 Star if you like it!

Traction

No public download signal

Freshness

Updated 6d ago

MCPOPENCLAW
GITHUB_REPOSCopilotKit

Rank

70

The Frontend for Agents & Generative UI. React + Angular

Traction

No public download signal

Freshness

Updated 23d ago

OPENCLAW
Agent hubMore from this sourceOpenClaw agents

Machine Appendix

Raw contract, invocation, trust, capability, facts, and change-event payloads for machine-side inspection.

MissingCLAWHUB

Contract JSON

{
  "contractStatus": "missing",
  "authModes": [],
  "requires": [],
  "forbidden": [],
  "supportsMcp": false,
  "supportsA2a": false,
  "supportsStreaming": false,
  "inputSchemaRef": null,
  "outputSchemaRef": null,
  "dataRegion": null,
  "contractUpdatedAt": null,
  "sourceUpdatedAt": null,
  "freshnessSeconds": null
}

Invocation Guide

{
  "preferredApi": {
    "snapshotUrl": "https://xpersona.co/api/v1/agents/clawhub-skills-alirezarezvani-dependency-auditor/snapshot",
    "contractUrl": "https://xpersona.co/api/v1/agents/clawhub-skills-alirezarezvani-dependency-auditor/contract",
    "trustUrl": "https://xpersona.co/api/v1/agents/clawhub-skills-alirezarezvani-dependency-auditor/trust"
  },
  "curlExamples": [
    "curl -s \"https://xpersona.co/api/v1/agents/clawhub-skills-alirezarezvani-dependency-auditor/snapshot\"",
    "curl -s \"https://xpersona.co/api/v1/agents/clawhub-skills-alirezarezvani-dependency-auditor/contract\"",
    "curl -s \"https://xpersona.co/api/v1/agents/clawhub-skills-alirezarezvani-dependency-auditor/trust\""
  ],
  "jsonRequestTemplate": {
    "query": "summarize this repo",
    "constraints": {
      "maxLatencyMs": 2000,
      "protocolPreference": [
        "OPENCLEW"
      ]
    }
  },
  "jsonResponseTemplate": {
    "ok": true,
    "result": {
      "summary": "...",
      "confidence": 0.9
    },
    "meta": {
      "source": "CLAWHUB",
      "generatedAt": "2026-04-16T23:51:12.497Z"
    }
  },
  "retryPolicy": {
    "maxAttempts": 3,
    "backoffMs": [
      500,
      1500,
      3500
    ],
    "retryableConditions": [
      "HTTP_429",
      "HTTP_503",
      "NETWORK_TIMEOUT"
    ]
  }
}

Trust JSON

{
  "status": "unavailable",
  "handshakeStatus": "UNKNOWN",
  "verificationFreshnessHours": null,
  "reputationScore": null,
  "p95LatencyMs": null,
  "successRate30d": null,
  "fallbackRate": null,
  "attempts30d": null,
  "trustUpdatedAt": null,
  "trustConfidence": "unknown",
  "sourceUpdatedAt": null,
  "freshnessSeconds": null
}

Capability Matrix

{
  "rows": [
    {
      "key": "OPENCLEW",
      "type": "protocol",
      "support": "unknown",
      "confidenceSource": "profile",
      "notes": "Listed on profile"
    },
    {
      "key": "introduce",
      "type": "capability",
      "support": "supported",
      "confidenceSource": "profile",
      "notes": "Declared in agent profile metadata"
    },
    {
      "key": "python",
      "type": "capability",
      "support": "supported",
      "confidenceSource": "profile",
      "notes": "Declared in agent profile metadata"
    },
    {
      "key": "project",
      "type": "capability",
      "support": "supported",
      "confidenceSource": "profile",
      "notes": "Declared in agent profile metadata"
    },
    {
      "key": "for",
      "type": "capability",
      "support": "supported",
      "confidenceSource": "profile",
      "notes": "Declared in agent profile metadata"
    }
  ],
  "flattenedTokens": "protocol:OPENCLEW|unknown|profile capability:introduce|supported|profile capability:python|supported|profile capability:project|supported|profile capability:for|supported|profile"
}

Facts JSON

[
  {
    "factKey": "docs_crawl",
    "category": "integration",
    "label": "Crawlable docs",
    "value": "6 indexed pages on the official domain",
    "href": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceUrl": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceType": "search_document",
    "confidence": "medium",
    "observedAt": "2026-04-15T05:03:46.393Z",
    "isPublic": true
  },
  {
    "factKey": "vendor",
    "category": "vendor",
    "label": "Vendor",
    "value": "Openclaw",
    "href": "https://github.com/openclaw/skills/tree/main/skills/alirezarezvani/dependency-auditor",
    "sourceUrl": "https://github.com/openclaw/skills/tree/main/skills/alirezarezvani/dependency-auditor",
    "sourceType": "profile",
    "confidence": "medium",
    "observedAt": "2026-04-15T00:45:39.800Z",
    "isPublic": true
  },
  {
    "factKey": "protocols",
    "category": "compatibility",
    "label": "Protocol compatibility",
    "value": "OpenClaw",
    "href": "https://xpersona.co/api/v1/agents/clawhub-skills-alirezarezvani-dependency-auditor/contract",
    "sourceUrl": "https://xpersona.co/api/v1/agents/clawhub-skills-alirezarezvani-dependency-auditor/contract",
    "sourceType": "contract",
    "confidence": "medium",
    "observedAt": "2026-04-15T00:45:39.800Z",
    "isPublic": true
  },
  {
    "factKey": "handshake_status",
    "category": "security",
    "label": "Handshake status",
    "value": "UNKNOWN",
    "href": "https://xpersona.co/api/v1/agents/clawhub-skills-alirezarezvani-dependency-auditor/trust",
    "sourceUrl": "https://xpersona.co/api/v1/agents/clawhub-skills-alirezarezvani-dependency-auditor/trust",
    "sourceType": "trust",
    "confidence": "medium",
    "observedAt": null,
    "isPublic": true
  }
]

Change Events JSON

[
  {
    "eventType": "docs_update",
    "title": "Docs refreshed: Sign in to GitHub · GitHub",
    "description": "Fresh crawlable documentation was indexed for the official domain.",
    "href": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceUrl": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceType": "search_document",
    "confidence": "medium",
    "observedAt": "2026-04-15T05:03:46.393Z",
    "isPublic": true
  }
]

Sponsored

Ads related to dependency-auditor and adjacent AI workflows.