Skill Detail

Snyk Dependency Vulnerability Auditor

Audits npm, pip, and Go module dependencies using the Snyk CLI and REST API. Generates SBOM reports and auto-patches known CVEs with version-pinned upgrade recommendations.

Tags: Security & Verification, Claude Code, Security Reviewed
Tool match: snyk (5.5k GitHub stars, 2.6M/wk npm downloads, NOASSERTION license)

Install with any agent:
npx skills add agentskillexchange/skills --skill snyk-dependency-vulnerability-auditor
At a glance

Last updated: Mar 24, 2026
Quick brief

The Snyk Dependency Vulnerability Auditor performs deep analysis of your project dependencies across multiple package ecosystems including npm, PyPI, and Go modules. It leverages the Snyk CLI for local scanning and the Snyk REST API v1 for enriched vulnerability intelligence.

How it works

What this skill actually does

The skill generates a Software Bill of Materials (SBOM) in CycloneDX and SPDX formats, providing complete visibility into your dependency tree. Each vulnerability is mapped to its CVE identifier with CVSS scoring and exploit maturity data from the Snyk vulnerability database.

Automated remediation suggestions include version-pinned upgrades that resolve vulnerabilities without breaking changes. The agent tests upgrade compatibility by analyzing semver constraints and checking for known regressions in target versions.

It supports monorepo scanning with workspace-aware dependency resolution for npm workspaces, Yarn workspaces, and pnpm. License compliance checking identifies copyleft and restrictive licenses that may conflict with your project requirements. Results export to SARIF format for GitHub Advanced Security integration.