depguard
Dependency audit, vulnerability scanning, and license compliance.
Setup & Installation
Install command
clawhub install suhteevah/depguardIf the CLI is not installed:
Install command
npx clawhub@latest install suhteevah/depguardOr install with OpenClaw CLI:
Install command
openclaw skills install suhteevah/depguardor paste the repo link into your assistant's chat
Install command
https://github.com/openclaw/skills/tree/main/skills/suhteevah/depguardWhat This Skill Does
DepGuard scans project dependencies for known vulnerabilities, license violations, and outdated packages using native package manager audit tools. It supports 10 package managers including npm, pip, cargo, and Go. Free one-shot scans require no configuration; paid tiers add git hooks, continuous monitoring, SBOM generation, and compliance reporting.
It wraps native audit tools for 10 package managers into one command, adding license analysis and offline risk scoring without sending dependency data to an external server.
When to Use It
- Checking npm packages for CVEs before a production deploy
- Auditing open source licenses before shipping a commercial product
- Blocking GPL dependencies from entering a proprietary codebase
- Generating an SBOM for a security audit or procurement requirement
- Auto-fixing vulnerable package versions across a monorepo
Example Workflow
Here's how your AI assistant might use this skill in practice.
User asks: Checking npm packages for CVEs before a production deploy
- 1Checking npm packages for CVEs before a production deploy
- 2Auditing open source licenses before shipping a commercial product
- 3Blocking GPL dependencies from entering a proprietary codebase
- 4Generating an SBOM for a security audit or procurement requirement
- 5Auto-fixing vulnerable package versions across a monorepo
Dependency audit, vulnerability scanning, and license compliance.
Security Audits
These signals reflect official OpenClaw status values. A Suspicious status means the skill should be used with extra caution.