
Scan project dependencies for supply-chain vulnerabilities with MurphySec

Run MurphySec CLI against a project before release or dependency approval to detect vulnerable direct and transitive dependencies.

Security & Verification Multi-Framework Security Reviewed
⭐ 1.7k GitHub stars
INSTALL WITH ANY AGENT
`npx skills add agentskillexchange/skills --skill scan-project-dependencies-for-supply-chain-vulnerabilities-with-murphysec`
Works best when you want a reusable capability, not another fragile one-off prompt.
At a glance
Tools required: MurphySec CLI; MurphySec account access token for authentication

Install & setup: Download a release from https://github.com/murphysecurity/murphysec/releases/latest or review and run the upstream installer for your OS, authenticate with `murphysec auth login` or `--token`, then scan with `murphysec scan [project-path] --json`.

Author: MurphySecurity

Publisher: Open Source Vendor

Last updated: Jun 3, 2026
Quick brief

Use MurphySec when an agent or release operator needs a bounded dependency-risk check before approving a repository, pull request, build, or third-party codebase. The workflow is concrete: install the MurphySec CLI, authenticate with a MurphySec access token, run `murphysec scan [project-path] --json`, and route the vulnerability report into remediation or approval review. Invoke it when the agent needs repeatable SCA evidence from Java, JavaScript, or Go projects instead of manually browsing the MurphySec platform. The scope boundary is the CLI-driven dependency vulnerability scan and result handoff; this is not a generic security platform card, a full CI/CD suite, or a broad software-composition policy framework.

How it works

What this skill actually does

Inputs and prerequisites: MurphySec CLI; MurphySec account access token for authentication.

Setup notes: Download a release from https://github.com/murphysecurity/murphysec/releases/latest or review and run the upstream installer for your OS, authenticate with `murphysec auth login` or `--token`, then scan with `murphysec scan [project-path] --json`.

Source and verification boundary: use https://github.com/murphysecurity/murphysec as the canonical reference before running the workflow; keep commands, API calls, CLI usage, and generated outputs reviewable against that upstream source.

Framework fit: publish this as a Multi-Framework workflow only when the operator can invoke the documented toolchain directly, rather than treating the upstream project as a generic product listing.