This skill analyzes project dependencies for security vulnerabilities, outdated packages, and license compliance issues. It helps identify potential risks in your project's dependencies using the dependency-checker plugin. Use this skill when you need to check dependencies for vulnerabilities, identify outdated packages that need updates, or ensure license compatibility. Trigger phrases include "check dependencies", "dependency check", "find vulnerabilities", "scan for outdated packages", "/depcheck", and "license compliance". This skill supports npm, pip, composer, gem, and go modules projects.
Install with Tessl CLI
npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill analyzing-dependencies
66
Does it follow best practices?
If you maintain this skill, you can automatically optimize it using the tessl CLI to improve its score:
npx tessl skill review --optimize ./path/to/skill
Agent success when using this skill
Validation for skill structure
Discovery
100%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a well-crafted skill description that excels across all dimensions. It provides specific capabilities, explicit trigger guidance with natural user phrases, clear 'Use when' instructions, and distinctive terminology that minimizes conflict with other skills. The inclusion of supported package managers adds valuable specificity.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions: 'analyzes project dependencies for security vulnerabilities, outdated packages, and license compliance issues' and 'identify potential risks', 'check dependencies for vulnerabilities', 'identify outdated packages', 'ensure license compatibility'. Also specifies supported package managers (npm, pip, composer, gem, go modules). | 3 / 3 |
| Completeness | Clearly answers both what (analyzes dependencies for vulnerabilities, outdated packages, license compliance) AND when with explicit 'Use this skill when...' clause listing specific trigger scenarios. The trigger phrases are explicitly enumerated. | 3 / 3 |
| Trigger Term Quality | Excellent coverage of natural trigger terms users would say: 'check dependencies', 'dependency check', 'find vulnerabilities', 'scan for outdated packages', '/depcheck', 'license compliance'. These are realistic phrases users would naturally use when needing this functionality. | 3 / 3 |
| Distinctiveness Conflict Risk | Clear niche focused specifically on dependency analysis with distinct triggers like 'dependency check', '/depcheck', 'license compliance'. The mention of specific package managers (npm, pip, composer, gem, go modules) further distinguishes it from generic code or security skills. | 3 / 3 |
| Total | 12 / 12 Passed | |
Implementation
20%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill content is overly descriptive and lacks actionable guidance. It explains what the skill does conceptually but never provides the actual commands, code examples, or output formats needed to use the dependency-checker plugin. The content reads like documentation about a feature rather than instructions for Claude to execute.
Suggestions
- Add the actual command syntax for invoking the dependency-checker plugin (e.g., `dependency-checker scan --type npm`)
- Include a concrete example of the output format/report structure so Claude knows what to expect and present
- Remove the 'How It Works' and 'Best Practices' sections - Claude doesn't need explanations of what package managers are or generic advice about regular scanning
- Add specific error handling guidance for common failure cases (e.g., missing manifest files, network issues with vulnerability databases)
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is verbose and explains concepts Claude already knows (what package managers are, what CVEs are, basic workflow descriptions). The 'How It Works' section describes obvious steps, and 'Best Practices' contains generic advice that adds no actionable value. | 1 / 3 |
| Actionability | No concrete code, commands, or executable examples are provided. The skill describes what will happen abstractly ('The skill will detect...') but never shows the actual command to invoke the dependency-checker plugin or example output formats. | 1 / 3 |
| Workflow Clarity | Steps are listed in a logical sequence (detect → scan → report), but there are no validation checkpoints, no error handling guidance, and no concrete commands. The workflow is conceptual rather than executable. | 2 / 3 |
| Progressive Disclosure | Content is organized into sections, but it's a monolithic document with no references to external files for detailed information. The content could be much more concise with advanced topics split out. | 2 / 3 |
| Total | 6 / 12 Passed | |
Validation
81%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
| Criteria | Description | Result |
|---|---|---|
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 9 / 11 Passed | |