auditing-pinned-dependencies

Community

Find unpinned installs before they drift.

Authorrocklambros
Version1.0.0
Installs0

System Documentation

What problem does it solve?

This Skill helps you catch dependency installs and build inputs that are not pinned to an exact version, reducing supply chain risk and preventing silent drift across builds and deployments.

Core Features & Use Cases

It reviews install commands, Docker base images, CI workflows, package manifests, and Python requirement files to spot mutable versions, risky remote execution patterns, and lockfile gaps. It is useful when auditing a new repository, hardening an existing project, reviewing an MCP install command, or checking a pipeline for reproducibility problems. It returns concrete findings with line references, suggested pinned replacements, and severity guidance so you can fix blocking issues first.

Quick Start

Use this skill to audit the repository for unpinned dependency installs and return each finding with its file, line number, current command, suggested pinned replacement, and severity.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: auditing-pinned-dependencies
Download link: https://github.com/rocklambros/rcs/archive/main.zip#auditing-pinned-dependencies

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 537,000+ vetted skills library on demand.