See it in action
Watch the Security Assist Skill Demo to get an overview of this skill.
The Security Assist skill helps your AI coding assistant:
- Identify and resolve security vulnerabilities in your project dependencies
- Check if Abyss is already tracking the issue in the Security Updates Discussion before attempting fixes
- Analyze dependency trees to trace vulnerable packages to their sources
- Apply fixes in the correct order starting with updates, then parent package upgrades, then clean installs
- Handle quarantine periods for external package fixes and escalate Abyss-specific issues
- Generate detailed reports showing all changes made, with additional steps if needed
The skill follows a systematic approach to security fixes, ensuring vulnerabilities are resolved safely without breaking your application.
Prerequisites
Before installing this skill, ensure you have the Abyss CLI set up properly:
npx @uhg-abyss/cli -vIf the command fails, refer to the CLI Setup Guide for installation instructions.
Installation
Install the skill using the Abyss CLI:
npx @uhg-abyss/cli skills add abyss-security-assistTo verify the skill was installed successfully:
npx @uhg-abyss/cli skills listExample prompts
Once installed, you can use prompts like these with this skill:
- "I have a security vulnerability in lodash, how do I fix it?"
- "npm audit shows a high severity CVE in a transitive dependency"
- "Is this security warning from an Abyss package?"
- "How do I resolve CVE-2024-XXXXX?"
- "My security scan is flagging axios, what should I do?"