dependency-scanning


Dependency Vulnerability Scanning Skill

Overview

This skill uses the GitHub MCP Server's Dependabot toolset and the check_dependency_vulnerabilities tool to find known vulnerabilities in project dependencies. It can check existing Dependabot alerts, look up specific packages, and verify new dependencies before merging.

What counts as a dependency vulnerability?

Dependency vulnerabilities are publicly known security flaws (typically tracked as CVEs) in third-party packages your project depends on, directly or transitively. Examples include:

  • Outdated npm packages with remote code execution flaws
  • Python libraries with SQL injection vulnerabilities
  • Go modules with denial-of-service weaknesses
  • Ruby gems with authentication bypass issues
  • Transitive dependencies inheriting upstream vulnerabilities

Why this is important

A single vulnerable dependency can allow remote code execution in your application, enable denial-of-service attacks, expose sensitive data through library flaws, cause compliance audits (SOC 2, PCI-DSS, HIPAA) to fail, or introduce supply chain attack vectors.

Installs: 15
GitHub Stars: 287
First Seen: May 14, 2026
dependency-scanning — github/copilot-plugins