Updated July 2026
Checking dependencies for vulnerabilities one at a time is slow and easy to skip. With the audit_dependencies tool, an AI agent can scan an entire manifest in a single call and tell you exactly which packages are vulnerable.
Paste the contents of a package.json (npm), requirements.txt (PyPI), or go.mod (Go). The tool auto-detects the format, batch-queries the OSV.dev vulnerability database for every dependency at once, and returns a consolidated report: which packages are affected, how many vulnerabilities each has, and the advisory IDs.
claude mcp add --transport http security-intel https://security-intel-mcp.greenfield1775.workers.dev/mcpNo API key needed. Then ask your agent:
"Audit the dependencies in this package.json for known vulnerabilities."Add one line to your project CLAUDE.md so every review runs an audit:
Before merging, run audit_dependencies on the project manifest.Free tier shows the top findings; a Pro key returns the full tree. Open source (MIT) — see GitHub or the pricing.