package-triage

Official

Rapidly assess software package safety and supply chain risk.

Authordreadnode
Version1.0.0
Installs0

System Documentation

What problem does it solve?

Manually vetting software packages for security risks requires switching between multiple databases and tools, taking hours and often missing critical threats like malware or unpatched CVEs.

Core Features & Use Cases

  • Multi-source risk aggregation: Combines Spectra Assure Community reports, OSV vulnerability data, and OpenSSF Scorecard metrics to build a complete risk profile for any package.
  • Artifact tampering detection: Inspects downloaded package archives for obfuscated code, high-entropy files, and malicious patterns that may not appear in public vulnerability databases.
  • Use case: A developer evaluating a new open source library for a production project can use this skill to get a clear adopt/avoid verdict with concrete supporting evidence in minutes instead of hours of manual research.

Quick Start

Use the package-triage skill to evaluate the safety of the lodash 4.17.21 npm package.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: package-triage
Download link: https://github.com/dreadnode/capabilities/archive/main.zip#package-triage

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.