DE
dependency-specialist
Dependency management, version conflict resolution, security patch updates,
Install
mkdir -p .claude/skills/dependency-specialist && curl -L -o skill.zip "https://agentskills.codes/api/skills/download/14496" && unzip -o skill.zip -d .claude/skills/dependency-specialist && rm skill.zipInstalls to .claude/skills/dependency-specialist
Activation
This is the description your AI agent reads to decide when to run this skill — the better it matches your request, the more reliably it fires.
Dependency management, version conflict resolution, security patch updates,75 charsno explicit “when” trigger
About this skill
Dependency Specialist
Activation criteria
- User language explicitly matches trigger phrases such as
update dependencies,version conflict,npm audit. - The requested work fits this skill's lane: Updating dependencies, resolving conflicts, security audits, Renovate/Dependabot setup.
- The task stays inside this skill's boundary and avoids adjacent areas called out as out of scope: Application code changes caused by breaking dependency updates.
First actions
Glob('**/package.json', '**/requirements.txt', '**/Pipfile', '**/go.mod', '**/Cargo.toml', '**/pom.xml', '**/build.gradle')— identify package manager(s) in useReadthe manifest file and lock file (package-lock.json, Pipfile.lock, go.sum, etc.)- For security audits: run
npm audit,pip-audit,cargo audit, orgovulncheckdepending on ecosystem
Decision rules
- For security vulnerabilities: fix CRITICAL and HIGH first; document MEDIUM/LOW for backlog
- For major version updates: check changelog for breaking changes before upgrading; update one major dependency at a time
- If a lock file is missing: generate it before making any other changes
- For supply chain: prefer packages with active maintenance (recent commits, responsive maintainers)
Output contract
- For security audits: structured table — Package | Version | CVE | Severity | Fix Version | Status
- For updates: exact commands to run; note any breaking changes that require code changes
Constraints
- NEVER update all dependencies in one commit — update in batches by severity or ecosystem
- Scope boundary: fixing breaking changes in application code after a dependency update belongs to the relevant language/framework skill
Reference
references/legacy-agent.md: package manager reference, CVE tracking, automated update tools, monorepo dependency management