Use for dependency security audits and compliance checks. Use when auditing project dependencies for vulnerabilities, answering "is [library] [version] safe?" questions, or remediating vulnerable libraries. Also activates automatically when the user opens or modifies a manifest file (package.json, package-lock.json, yarn.lock, pnpm-lock.yaml, requirements.txt, pom.xml, Cargo.toml, go.mod, Gemfile, composer.json, build.gradle, *.csproj, pubspec.yaml, conanfile.txt, conanfile.py, project.clj, deps.edn, Package.swift, pubspec.lock, Package.resolved, Gemfile.lock, poetry.lock, uv.lock, Cargo.lock, composer.lock).
A Go microservice (inputs/go.mod) handles authentication and session management for the platform. Because it processes credentials and session tokens, the security team requires it to be scanned for vulnerable dependencies before any changes go to production.
The Go ecosystem relies on a module system and the service has several third-party dependencies that haven't been reviewed in over a year.
Scan the Go module's dependencies for known vulnerabilities and produce a report saved to security-report.md. The report should list all packages audited, flag any CVEs or security advisories found, and include a summary.
Also save the raw scan data to scan-raw.json.
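The audit flow this scenario describes, as an added example (not the skill's own code): it inventories the `require` entries of a go.mod, matches them against advisory records, and writes the raw scan data and the Markdown report. The advisory record format, the module paths and the `EXAMPLE-` IDs are constructed placeholders, and the version comparison ignores pre-release and pseudo-version suffixes.

```python
import json
import re
from pathlib import Path

# Constructed sample inputs: module paths, advisory IDs and record format are placeholders.
SAMPLE_GOMOD = """module example.com/auth-service
require example.com/jwtlib v1.2.3
require (
    example.com/sessions v0.9.0 // indirect
    example.com/router v1.8.2
)
"""
SAMPLE_ADVISORIES = [{"id": "EXAMPLE-0001", "module": "example.com/jwtlib", "fixed": "v1.4.0"},
                     {"id": "EXAMPLE-0002", "module": "example.com/router", "fixed": "v1.8.0"}]

def parse_requires(gomod):
    """List require entries (single-line and block form); other directives are skipped."""
    deps, in_block = [], False
    for line in gomod.splitlines():
        code, _, comment = line.partition("//")
        f = code.split()
        if f == ["require", "("]:
            in_block = True
        elif f == [")"]:
            in_block = False
        elif (len(f) == 3 and f[0] == "require") or (in_block and len(f) == 2):
            scope = "indirect" if comment.strip() == "indirect" else "direct"
            deps.append({"path": f[-2], "version": f[-1], "scope": scope})
    return deps

def release(version):
    """(major, minor, patch); pre-release and pseudo-version suffixes are ignored here."""
    m = re.match(r"v(\d+)\.(\d+)\.(\d+)", version)
    return tuple(map(int, m.groups())) if m else (0, 0, 0)

def audit(gomod, advisories):
    """Return (raw scan records, markdown report) for every required module."""
    raw = [{**d, "advisories": [a["id"] for a in advisories if a["module"] == d["path"]
                                and release(d["version"]) < release(a["fixed"])]}
           for d in parse_requires(gomod)]
    rows = [f"| {d['path']} | {d['version']} | {d['scope']} | {', '.join(d['advisories']) or 'none'} |"
            for d in raw]
    flagged = sum(1 for d in raw if d["advisories"])
    head = ["# Dependency security report", "",
            "| Package | Version | Scope | Advisories |", "|---|---|---|---|"]
    return raw, "\n".join(head + rows + ["", f"Summary: {len(raw)} packages audited, {flagged} flagged."])

if __name__ == "__main__":
    raw, report = audit(SAMPLE_GOMOD, SAMPLE_ADVISORIES)
    Path("scan-raw.json").write_text(json.dumps(raw, indent=2))
    Path("security-report.md").write_text(report + "\n")
```

go.mod alone can understate what is actually built; a production audit should resolve the full module graph and pull advisories from a vulnerability database instead of a hand-written list.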