npm-scan

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The functional test script scripts/test_scan_npm_dependency.py executes the local scanner script using the subprocess module. This call uses a structured list of arguments rather than a shell string, following security best practices for internal testing routines.
  • [SAFE]: The skill's primary functionality is contained within scripts/scan_npm_dependency.py, which performs read-only operations on common JavaScript manifest and lockfile formats (e.g., package.json, package-lock.json, yarn.lock). It uses standard libraries for parsing and does not exhibit any patterns of data exfiltration, credential harvesting, or remote code execution.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 31, 2026, 01:13 PM