package-triage
OfficialRapidly assess software package safety and supply chain risk.
Software Engineering#software security#vulnerability scanning#supply chain security#artifact analysis#package triage#CVE checking#package safety
Authordreadnode
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Manually vetting software packages for security risks requires switching between multiple databases and tools, taking hours and often missing critical threats like malware or unpatched CVEs.
Core Features & Use Cases
- Multi-source risk aggregation: Combines Spectra Assure Community reports, OSV vulnerability data, and OpenSSF Scorecard metrics to build a complete risk profile for any package.
- Artifact tampering detection: Inspects downloaded package archives for obfuscated code, high-entropy files, and malicious patterns that may not appear in public vulnerability databases.
- Use case: A developer evaluating a new open source library for a production project can use this skill to get a clear adopt/avoid verdict with concrete supporting evidence in minutes instead of hours of manual research.
Quick Start
Use the package-triage skill to evaluate the safety of the lodash 4.17.21 npm package.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: package-triage Download link: https://github.com/dreadnode/capabilities/archive/main.zip#package-triage Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.