Dependency Health Check is a skill published by agensi that automates security and maintenance auditing of a project’s dependency tree across polyglot codebases. It detects the package managers present in a project, extracts dependency versions from manifests, and cross-references them against security advisories to surface known CVEs and vulnerabilities using local ecosystem tools and internal reference tables.
Beyond security, the skill flags packages that are deprecated or have not received an update in over 12 months, identifying what the description calls “ghost” packages that represent quiet maintenance risk. It also detects version drift, meaning production dependencies that have fallen behind major or minor upstream releases, and checks environment integrity by finding version conflicts across manifests and identifying missing lockfiles.
The skill covers nine package ecosystems: npm, yarn, and pnpm for Node.js; pip and poetry for Python; Go modules; Cargo for Rust; Bundler for Ruby; and Maven for Java. Results are delivered as a structured, multi-tier health report that groups findings by severity so developers can prioritize remediation. The skill applies a deterministic classification framework rather than freeform analysis, which means findings are consistent across runs. It is a skill, not an MCP server, so it has no exposed network tools and does not require environment variable configuration.