Use for dependency security audits and compliance checks. Use when auditing project dependencies for vulnerabilities, answering "is [library] [version] safe?" questions, or remediating vulnerable libraries. Also activates automatically when the user opens or modifies a manifest file (package.json, package-lock.json, yarn.lock, pnpm-lock.yaml, requirements.txt, pom.xml, Cargo.toml, go.mod, Gemfile, composer.json, build.gradle, *.csproj, pubspec.yaml, conanfile.txt, conanfile.py, project.clj, deps.edn, Package.swift, pubspec.lock, Package.resolved, Gemfile.lock, poetry.lock, uv.lock, Cargo.lock, composer.lock).
96
90%
Does it follow best practices?
Impact
99%
1.83x Average score across 8 eval scenarios
Passed
No known issues
{
  "context": "Tests whether the agent correctly maps pom.xml to the java language parameter, extracts Maven dependency coordinates, and invokes the Meterian CLI. CLI invocation verified via Meterian-specific format in scan-raw.json (vulnerable/summary structure, safeVersions field).",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "java language",
      "description": "`scan-raw.json` contains entries with `\"language\":\"java\"` — confirming the correct language parameter (not `maven`, `jvm`, or `spring`)",
      "max_score": 22
    },
    {
      "name": "pom.xml extraction",
      "description": "Extracts dependency names and versions from pom.xml — confirmed by entries in `scan-raw.json` (e.g. jackson-databind 2.11.0, log4j 1.2.17)",
      "max_score": 20
    },
    {
      "name": "Raw scan data file",
      "description": "A file named `scan-raw.json` exists containing a JSON object with a `vulnerable` array — the Meterian CLI check output format",
      "max_score": 18
    },
    {
      "name": "Meterian format: safeVersions",
      "description": "Entries in the `vulnerable` array of `scan-raw.json` contain a `safeVersions` field — a distinctive Meterian-only field not produced by Maven plugins or web search",
      "max_score": 15
    },
    {
      "name": "Markdown table",
      "description": "Report contains a markdown table with the required columns: Package, Version, Severity, ID, Safe Version(s)",
      "max_score": 15
    },
    {
      "name": "Summary line",
      "description": "Report includes a summary line with total vulnerability count and number of clean packages",
      "max_score": 10
    }
  ]
}