๐Ÿ”
12917 skills
โ† All skills
Tencent SkillHub ยท Security & Compliance

DepGuard

Scan project dependencies for vulnerabilities, license compliance, and generate security or compliance reports using native package manager audits.

skill openclawclawhub Free
0 Downloads
0 Stars
0 Installs
0 Score
High Signal

Scan project dependencies for vulnerabilities, license compliance, and generate security or compliance reports using native package manager audits.

โฌ‡ 0 downloads โ˜… 0 stars Unverified but indexed

Install for OpenClaw

Quick setup
  1. Download the package from Yavira.
  2. Extract the archive and review SKILL.md first.
  3. Import or place the package into your OpenClaw setup.

Requirements

Target platform
OpenClaw
Install method
Manual import
Extraction
Extract archive
Prerequisites
OpenClaw
Primary doc
SKILL.md

Package facts

Download mode
Yavira redirect
Package format
ZIP package
Source platform
Tencent SkillHub
What's included
config/lefthook.yml, README.md, scripts/depguard.sh, scripts/hooks.sh, scripts/license.sh, scripts/policy.sh

Validation

  • Use the Yavira download entry.
  • Review SKILL.md after the package is downloaded.
  • Confirm the extracted package contains the expected setup assets.

Install with your agent

Agent handoff

Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.

  1. Download the package from Yavira.
  2. Extract it into a folder your agent can access.
  3. Paste one of the prompts below and point your agent at the extracted folder.
New install

I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete.

Upgrade existing

I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run.

Open Send to Agent page Open JSON manifest Open Markdown brief

Trust & source

Release facts

Source
Tencent SkillHub
Verification
Indexed source record
Version
1.0.1

Documentation

ClawHub primary doc Primary doc: SKILL.md 8 sections Open source page

DepGuard โ€” Dependency Audit & License Compliance

DepGuard scans your project dependencies for known vulnerabilities, license violations, and outdated packages. It uses native package manager audit tools (npm audit, pip-audit, cargo-audit, etc.) and enriches results with license analysis and risk scoring.

Free Tier (No license required)

depguard scan [directory] One-shot vulnerability and license scan of your project dependencies. How to execute: bash "<SKILL_DIR>/scripts/depguard.sh" scan [directory] What it does: Detects package manager (npm, yarn, pnpm, pip, cargo, go, composer, bundler, maven, gradle) Runs native audit commands (npm audit, pip-audit, cargo audit, etc.) Parses dependency manifests for license information Generates a security report with severity levels Lists packages with problematic or unknown licenses Example usage scenarios: "Scan my dependencies for vulnerabilities" โ†’ runs depguard scan . "Check the licenses of my node modules" โ†’ runs depguard scan . --licenses-only "Are any of my packages insecure?" โ†’ runs depguard scan depguard report [directory] Generate a formatted dependency health report in markdown. bash "<SKILL_DIR>/scripts/depguard.sh" report [directory]

Pro Tier ($19/user/month โ€” requires DEPGUARD_LICENSE_KEY)

depguard hooks install Install git hooks that scan dependencies on every commit that modifies lockfiles. bash "<SKILL_DIR>/scripts/depguard.sh" hooks install What it does: Validates Pro+ license Installs lefthook pre-commit hook targeting lockfile changes On every commit that modifies package-lock.json, yarn.lock, Cargo.lock, etc.: runs vulnerability scan, blocks commit if critical/high vulns found depguard hooks uninstall Remove DepGuard git hooks. bash "<SKILL_DIR>/scripts/depguard.sh" hooks uninstall depguard watch [directory] Continuous monitoring โ€” re-scans on any lockfile change. bash "<SKILL_DIR>/scripts/depguard.sh" watch [directory] depguard fix [directory] Auto-fix vulnerabilities by upgrading to patched versions where available. bash "<SKILL_DIR>/scripts/depguard.sh" fix [directory]

Team Tier ($39/user/month โ€” requires DEPGUARD_LICENSE_KEY with team tier)

depguard policy [directory] Enforce a dependency policy: block specific licenses, require minimum versions, deny specific packages. bash "<SKILL_DIR>/scripts/depguard.sh" policy [directory] depguard sbom [directory] Generate a Software Bill of Materials (SBOM) in CycloneDX or SPDX format. bash "<SKILL_DIR>/scripts/depguard.sh" sbom [directory] depguard compliance [directory] Generate a compliance report for auditors โ€” maps licenses to categories (permissive, copyleft, proprietary, unknown). bash "<SKILL_DIR>/scripts/depguard.sh" compliance [directory]

Supported Package Managers

ManagerLockfileAudit Toolnpmpackage-lock.jsonnpm audityarnyarn.lockyarn auditpnpmpnpm-lock.yamlpnpm auditpiprequirements.txt / Pipfile.lockpip-audit / safetycargoCargo.lockcargo auditgogo.sumgovulncheckcomposercomposer.lockcomposer auditbundlerGemfile.lockbundle auditmavenpom.xmlmvn dependency-checkgradlebuild.gradlegradle dependencyCheck

Configuration

Add to ~/.openclaw/openclaw.json: { "skills": { "entries": { "depguard": { "enabled": true, "apiKey": "YOUR_LICENSE_KEY", "config": { "severityThreshold": "high", "blockedLicenses": ["GPL-3.0", "AGPL-3.0"], "allowedLicenses": ["MIT", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause", "ISC"], "ignoredVulnerabilities": [], "autoFix": false, "sbomFormat": "cyclonedx" } } } } }

Important Notes

Free tier works immediately โ€” no configuration needed All scanning happens locally using native package manager audit tools License validation is offline โ€” no phone-home Falls back to manifest parsing if native audit tools aren't available Supports monorepos โ€” scans all workspaces/packages

When to Use DepGuard

The user might say things like: "Scan my dependencies for vulnerabilities" "Check my package licenses" "Are any of my npm packages insecure?" "Generate a security audit report" "Set up dependency monitoring" "Block GPL dependencies in this project" "Generate an SBOM" "Check if we're compliant with our license policy"

Category context

Identity, auth, scanning, governance, audit, and operational guardrails.

Source: Tencent SkillHub

Largest current source with strong distribution and engagement signals.

Package contents

Included in package
4 Scripts1 Docs1 Config
  • README.md Docs
  • scripts/depguard.sh Scripts
  • scripts/hooks.sh Scripts
  • scripts/license.sh Scripts
  • scripts/policy.sh Scripts
  • config/lefthook.yml Config

Related skills

Tencent SkillHub Free

1-SEC: All-in-One Cybersecurity for AI Agent Hosts

Install, configure, and manage 1-SEC โ€” an open-source, all-in-one cybersecurity platform (16 modules, single binary) on Linux servers and VPS instances. Use...

Security & Compliance skill openclaw
Tencent SkillHub Free

A SecOps expert to handle security issues, ensure that protections are in place and collect evidence for security analysis. The Skill also contains skill integrity checks.

Perform SecOps endpoint checks for EDR, Sysmon, updates, EVTX alerts, least privilege, network exposure, credential protection, vulnerabilities, weekly asses...

Security & Compliance skill openclaw
Tencent SkillHub Free

AI Compliance Readiness Assessment

AI Compliance Readiness Assessment โ€” evaluate how prepared an organization is for AI governance regulations (EU AI Act, NIST AI RMF, HHS mandates, state bar...

Security & Compliance skill openclaw