tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill analyzing-dependencies

This skill analyzes project dependencies for security vulnerabilities, outdated packages, and license compliance issues. It helps identify potential risks in your project's dependencies using the dependency-checker plugin. Use this skill when you need to check dependencies for vulnerabilities, identify outdated packages that need updates, or ensure license compatibility. Trigger phrases include "check dependencies", "dependency check", "find vulnerabilities", "scan for outdated packages", "/depcheck", and "license compliance". This skill supports npm, pip, composer, gem, and go modules projects.
Validation
75%

| Criteria | Description | Result |
|---|---|---|
| description_voice | 'description' should use third person voice; found second person: 'your ' | Warning |
| metadata_version | 'metadata' field is not a dictionary | Warning |
| license_field | 'license' field is missing | Warning |
| body_output_format | No obvious output/return/format terms detected; consider specifying expected outputs | Warning |
| Total | 12 / 16 Passed | |
Implementation
20%

This skill content is primarily descriptive rather than instructional. It explains concepts Claude already understands and fails to provide any executable commands, code examples, or concrete plugin invocation syntax. The content would benefit from dramatic reduction in explanatory text and addition of actual usage examples with real commands and expected outputs.
Suggestions
Replace the conceptual 'How It Works' section with actual executable commands showing how to invoke the dependency-checker plugin (e.g., the exact CLI command or function call)
Add concrete code examples showing plugin invocation and sample output format, rather than describing what the skill 'will do'
Remove generic best practices (regular scanning, pre-deployment checks) that Claude already knows - focus only on plugin-specific configuration or options
Include a quick-start section with a single copy-paste command that demonstrates basic usage
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | Extremely verbose with unnecessary explanations Claude already knows (what package managers are, what CVEs are, basic workflow descriptions). The 'How It Works' section explains obvious steps, and 'Best Practices' contains generic advice that adds no actionable value. | 1 / 3 |
| Actionability | No concrete code, commands, or executable examples. The skill describes what will happen conceptually but never shows how to actually invoke the dependency-checker plugin, what commands to run, or what the output format looks like. | 1 / 3 |
| Workflow Clarity | Steps are listed in a logical sequence (detect → scan → report), but there are no validation checkpoints, no error handling guidance, and no concrete commands. The workflow is conceptual rather than actionable. | 2 / 3 |
| Progressive Disclosure | Content is organized into sections, but everything is in one file with no references to detailed documentation. The content that exists could be significantly condensed, and there's no clear navigation to advanced features or API details. | 2 / 3 |
| Total | 6 / 12 Passed | |
Activation
100%

This is a well-crafted skill description that excels across all dimensions. It provides specific capabilities, explicit trigger guidance with natural user phrases, clear 'Use when' instructions, and distinctive terminology that minimizes conflict with other skills. The description uses proper third-person voice throughout and includes helpful context about supported package managers.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions: 'analyzes project dependencies for security vulnerabilities, outdated packages, and license compliance issues' and 'identify potential risks', 'check dependencies for vulnerabilities', 'identify outdated packages', 'ensure license compatibility'. Also specifies supported package managers (npm, pip, composer, gem, go modules). | 3 / 3 |
| Completeness | Clearly answers both what (analyzes dependencies for vulnerabilities, outdated packages, license compliance) AND when with explicit 'Use this skill when...' clause listing specific trigger scenarios. The trigger phrases are explicitly enumerated. | 3 / 3 |
| Trigger Term Quality | Excellent coverage of natural trigger terms users would say: 'check dependencies', 'dependency check', 'find vulnerabilities', 'scan for outdated packages', '/depcheck', 'license compliance'. These are realistic phrases users would naturally use when needing this functionality. | 3 / 3 |
| Distinctiveness Conflict Risk | Clear niche focused specifically on dependency analysis with distinct triggers like 'dependency check', '/depcheck', 'license compliance'. The mention of specific package managers (npm, pip, composer, gem, go modules) further distinguishes it from generic code or security skills. | 3 / 3 |
| Total | 12 / 12 Passed | |