CtrlK
BlogDocsLog inGet started
Tessl Logo

dependency-management

Manage third-party libraries, runtimes, and SaaS dependencies. Use this skill when setting an update cadence, responding to security advisories, dealing with deprecated dependencies, evaluating new dependencies, auditing what's installed, or unblocking a dependency upgrade. Triggers on dependency, package update, security patch, lockfile, deprecated, breaking change, supply chain, dependency audit, npm audit, dependabot, renovate. Also triggers when a build breaks after an update or when an advisory is published for a used package.

74

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Advisory

Suggest reviewing before use

SKILL.md
Quality
Evals
Security

Quality

Content

85%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The content is highly actionable and well-structured with a clear, validated multi-step workflow and a real, cleanly-linked reference file. The main weakness is verbosity — several sections could be trimmed to improve token efficiency.

Suggestions

Trim verbose sections to improve token efficiency: collapse the 11 failure-pattern entries to the highest-value 5-6, and remove the 'mentioned for completeness' Category 4 or fold it into a note.

Consider externalizing the full 8-step upgrade workflow or the failure-patterns list into a reference file (alongside upgrade-checklist.md) so SKILL.md stays a lean overview, which would also strengthen progressive_disclosure.

Cut the aphoristic one-liners (e.g., 'Every dependency has a cost. Free packages aren't free.') that restate the preceding bullet list.

DimensionReasoningScore

Conciseness

The body is substantive and avoids explaining basics Claude already knows, but at roughly 310 lines it is verbose — sections like the 11 failure patterns, the aphoristic one-liners, and 'Category 4: Optional/dev-only-personal' could be tightened without losing value.

2 / 3

Actionability

It gives concrete executable commands ('npm ls --all --json', 'npm audit', 'pip-audit', 'npx codemod-name'), a specific severity-vs-direct/indirect prioritization table, and copy-paste-ready SLAs and pinning advice.

3 / 3

Workflow Clarity

The 8-step workflow is clearly sequenced with explicit validation checkpoints — Step 4 requires running the full test suite, smoke-testing in staging, and watching monitoring, with a feedback loop to avoid merging known-broken updates.

3 / 3

Progressive Disclosure

SKILL.md is a clear overview with one well-signaled, one-level-deep reference (references/upgrade-checklist.md, verified to exist) and clean section navigation; no nested reference chains.

3 / 3

Total

11

/

12

Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is specific, trigger-rich, and complete, clearly stating both what the skill does and when to use it with natural language triggers. It is a strong, well-scoped description with no significant weaknesses.

DimensionReasoningScore

Specificity

The description lists multiple concrete actions — 'setting an update cadence, responding to security advisories, dealing with deprecated dependencies, evaluating new dependencies, auditing what's installed, or unblocking a dependency upgrade' — matching the anchor for listing several specific concrete actions.

3 / 3

Completeness

It explicitly answers both 'what' ('Manage third-party libraries, runtimes, and SaaS dependencies') and 'when' ('Use this skill when...'), with explicit trigger guidance throughout.

3 / 3

Trigger Term Quality

It provides broad coverage of natural terms users would say ('dependency, package update, security patch, lockfile, deprecated, breaking change, supply chain, npm audit, dependabot, renovate'), plus behavioral triggers like a build breaking after an update.

3 / 3

Distinctiveness Conflict Risk

The dependency-management niche is clear with distinct, specific trigger terms, making it unlikely to fire for unrelated skills.

3 / 3

Total

12

/

12

Passed

Validation

93%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation15 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

Total

15

/

16

Passed

Repository
rampstackco/claude-skills
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.