Skip to main content

Security Assist

See it in action

Watch the Security Assist Skill Demo to get an overview of this skill.

The Security Assist skill helps your AI coding assistant:

  • Identify and resolve security vulnerabilities in your project dependencies
  • Check if Abyss is already tracking the issue in the Security Updates Discussion before attempting fixes
  • Analyze dependency trees to trace vulnerable packages to their sources
  • Apply fixes in the correct order starting with updates, then parent package upgrades, then clean installs
  • Handle quarantine periods for external package fixes and escalate Abyss-specific issues
  • Generate detailed reports showing all changes made, with additional steps if needed

The skill follows a systematic approach to security fixes, ensuring vulnerabilities are resolved safely without breaking your application.

Prerequisites

Before installing this skill, ensure you have the Abyss CLI set up properly:

npx @uhg-abyss/cli -v

If the command fails, refer to the CLI Setup Guide for installation instructions.

Installation

Install the skill using the Abyss CLI:

npx @uhg-abyss/cli skills add abyss-security-assist

To verify the skill was installed successfully:

npx @uhg-abyss/cli skills list

Example prompts

Once installed, you can use prompts like these with this skill:

  • "I have a security vulnerability in lodash, how do I fix it?"
  • "npm audit shows a high severity CVE in a transitive dependency"
  • "Is this security warning from an Abyss package?"
  • "How do I resolve CVE-2024-XXXXX?"
  • "My security scan is flagging axios, what should I do?"
Table of Contents