auditing-pinned-dependencies
CommunityFind unpinned installs before they drift.
System Documentation
What problem does it solve?
This Skill helps you catch dependency installs and build inputs that are not pinned to an exact version, reducing supply chain risk and preventing silent drift across builds and deployments.
Core Features & Use Cases
It reviews install commands, Docker base images, CI workflows, package manifests, and Python requirement files to spot mutable versions, risky remote execution patterns, and lockfile gaps. It is useful when auditing a new repository, hardening an existing project, reviewing an MCP install command, or checking a pipeline for reproducibility problems. It returns concrete findings with line references, suggested pinned replacements, and severity guidance so you can fix blocking issues first.
Quick Start
Use this skill to audit the repository for unpinned dependency installs and return each finding with its file, line number, current command, suggested pinned replacement, and severity.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: auditing-pinned-dependencies Download link: https://github.com/rocklambros/rcs/archive/main.zip#auditing-pinned-dependencies Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 537,000+ vetted skills library on demand.