# a-dependency-vulnerability-scanner-that-reads > A dependency vulnerability scanner that reads package manifests (package.json, requirements.txt, go.mod, Ca... - Author: Phil Bennett - Repository: BennettPhil/skill-a-dependency-vulnerability-scanner-that-reads - Version: 20260208145824 - Stars: 0 - Forks: 0 - Last Updated: 2026-02-08 - Source: https://github.com/BennettPhil/skill-a-dependency-vulnerability-scanner-that-reads - Web: https://mule.run/skillshub/@@BennettPhil/skill-a-dependency-vulnerability-scanner-that-reads~a-dependency-vulnerability-scanner-that-reads:20260208145824 --- --- name: a-dependency-vulnerability-scanner-that-reads description: A dependency vulnerability scanner that reads package manifests (package.json, requirements.txt, go.mod, Ca... version: 0.1.0 license: Apache-2.0 --- # Purpose Implement the idea: A dependency vulnerability scanner that reads package manifests (package.json, requirements.txt, go.mod, Cargo.toml) and checks for known CVEs using public advisory databases. # Context Should output a severity-sorted list with CVE IDs, affected versions, and upgrade recommendations. # Builder Influence Use a concise, validation-first workflow derived from the selected builder guidance: --- name: test-driven-builder description: A builder that generates Agent Skills by writing tests first, then building the implementation to satisfy them. version: 0.1.0 license: Apache-2.0 --- # Workflow 1. Clarify assumptions and constraints before implementation. 2. Produce a concrete implementation plan tied to the requested output. 3. Build the solution incrementally and verify each major step. 4. Add usage instructions and edge-case handling notes. 5. Validate outputs and report limitations explicitly. # Validation Checklist - Output files match the task and are runnable. - Input validation and error handling are explicit. - Instructions include test or verification steps. - Any unsafe or illegal request is redirected to a safe alternative.