Audit a project's dependency supply chain — known CVEs in installed packages, secrets about to be committed, and lockfile/provenance integrity — and wire the checks into CI as a merge gate. Use when asked to audit dependencies, check for vulnerable packages, scan for leaked secrets, add a security gate to CI, or harden the supply chain. Complements security-audit (app-level) and git-safety (git history).
Installation
1
Add the marketplace
/plugin marketplace add shipshitdev/skills
2
Install plugins
/plugin
Run these commands in Claude Code to add this plugin to your environment. The marketplace must be added before you can install its plugins.