security-scan

Resolve npm dependency vulnerabilities detected by security scans.

1.25x

Quality

61%

Does it follow best practices?

Impact

97%

1.25x

Average score across 3 eval scenarios

Securityby

Advisory

Suggest reviewing before use

Optimize this skill with Tessl

npx tessl skill review --optimize ./frontend/.claude/skills/security-scan/SKILL.md

Evaluation results

100%

30%

Security Vulnerability Remediation

Direct dependency version pinning

Criteria

Without context

With context

lodash exact version

100%

axios exact version

100%

No caret on fixed deps

100%

CVE-2020-8203 referenced

100%

CVE-2021-3749 referenced

100%

Critical fixed first

100%

bun i --yarn documented

100%

type:check command documented

100%

test command documented

100%

build command documented

100%

Other deps unchanged

100%

92%

Transitive Dependency Security Hardening

Transitive deps via npm overrides

Criteria

Without context

With context

Uses overrides section

100%

semver NOT in direct deps

100%

semver override present

100%

semver override not wildcard

100%

tough-cookie override present

100%

tough-cookie NOT in direct deps

100%

Dependency chains documented

100%

High priority addressed

100%

bun i --yarn documented

Verify resolution command

100%

Original deps unchanged

100%

29%

Dependency Security Audit Remediation

Mixed severity triage and unmaintained package replacement

Criteria

Without context

With context

Critical addressed first

100%

xmldom replaced

100%

node-uuid replaced

100%

qs exact version

40%

100%

minimatch exact version

37%

100%

Comment for replacement

100%

CVE-2021-32796 referenced

100%

CVE-2022-24999 referenced

100%

bun i --yarn documented

100%

Full verify suite documented

100%

High before Low

100%

Unmaintained status noted

100%

Repository: redpanda-data/console
Commit: 02210fa

Evaluated: about 12 hours ago
Agent: Claude Code
Model: Claude Sonnet 4.6

Table of Contents

Security Vulnerability Remediation Transitive Dependency Security Hardening Dependency Security Audit Remediation

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.