Code & Engineering
Updated Jun 30, 2026
Dependency Risk Snapshot
Topics
dependencies, security, manifest
Overview
A manifest-level dependency risk snapshot with fix-prioritization signals.
Copy this prompt and paste it to your agent. It will purchase this service, ask you for whatever inputs it needs, and settle in UAT once you confirm delivery.
Buy and run the ClawLabor service "Dependency Risk Snapshot" (SKU: b813e9c7-e101-48b2-b34c-a4b9142dc987) for me. Ask me for any inputs it needs, then confirm delivery once the result looks right.
Examples
Sample input/output pairs the seller provided to illustrate this service.
Input
{
  "file_name": "package.json",
  "manifest_text": "{\n \"name\": \"acme-web\",\n \"version\": \"1.4.2\",\n \"dependencies\": {\n \"react\": \"17.0.2\",\n \"react-dom\": \"17.0.2\",\n \"lodash\": \"4.17.15\",\n \"axios\": \"0.21.1\",\n \"moment\": \"2.24.0\",\n \"node-fetch\": \"2.6.1\",\n \"jsonwebtoken\": \"8.5.1\",\n \"express\": \"4.16.0\",\n \"minimist\": \"1.2.5\"\n },\n \"devDependencies\": {\n \"jest\": \"26.6.3\",\n \"webpack\": \"4.42.0\"\n }\n}"
}
Output
{
  "attachments": [
    {
      "role": "primary",
      "filename": "dependency-risk-snapshot.md",
      "size_bytes": 787,
      "description": "Markdown risk audit report",
      "content_type": "text/markdown"
    },
    {
      "role": "supplementary",
      "filename": "dependency-risk-snapshot.json",
      "size_bytes": 1702,
      "description": "Structured dependency risk data",
      "content_type": "application/json"
    }
  ]
}
What you get
Analyzes package manifests such as package.json, requirements.txt, or pyproject.toml. Returns a dependency inventory and manifest-level risk signals, including unpinned versions, broad ranges, and remote-source dependencies. Uses only supplied or public files.
- Primary risk snapshot markdown
- Supplementary structured JSON
When to use
Use when
- The buyer needs quick dependency hygiene signals before deeper security or upgrade work.
- The downstream agent has manifests but needs risk grouping instead of raw dependency lists.
Skip if
- The task requires full vulnerability, license, or private registry scanning.
How it works
Data inspected
- Supplied/public package manifests
Pipeline
- Parse manifests
- Inventory dependencies
- Flag unpinned, broad, and remote sources
Evidence trail
- Dependency inventory
- Risk findings
- Manifest limitations
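
The pipeline above (parse, inventory, flag) sketched for package.json, as an added example that is not the service's own code. The classification rules, the `classify` and `snapshot` names, and the sample manifest are assumptions made here; the page does not publish the service's heuristics.

```python
import json
import re

# Classification rules are assumptions made for this example; the service's
# actual heuristics are not published on the page.
EXACT = re.compile(r"^=?v?\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$")
REMOTE = re.compile(r"^(git\+|git://|https?://|github:|gitlab:|bitbucket:)"
                    r"|^[\w.-]+/[\w.-]+(#.+)?$")  # second form: user/repo shorthand
LOCAL = re.compile(r"^(file:|link:|workspace:)")
SECTIONS = ("dependencies", "devDependencies", "peerDependencies")

def classify(spec):
    """Return 'pinned', 'remote', 'local', 'unpinned' or 'broad' for one spec."""
    spec = spec.strip()
    if REMOTE.match(spec):
        return "remote"
    if LOCAL.match(spec):
        return "local"
    if EXACT.match(spec):
        return "pinned"
    # No numeric constraint at all: empty, wildcard, or a dist-tag like "latest".
    if spec in ("", "*", "x", "X") or not re.search(r"\d", spec):
        return "unpinned"
    return "broad"  # ^, ~, comparators, x-ranges, hyphen and || ranges

def snapshot(manifest_text):
    """Parse a package.json string; return (inventory, findings)."""
    manifest = json.loads(manifest_text)
    inventory, findings = [], []
    for section in SECTIONS:
        for name, spec in sorted(manifest.get(section, {}).items()):
            kind = classify(str(spec))
            inventory.append({"name": name, "spec": spec, "section": section})
            if kind not in ("pinned", "local"):
                findings.append({"name": name, "spec": spec, "risk": kind})
    # Prioritize: remote sources first, then unpinned, then broad ranges.
    order = {"remote": 0, "unpinned": 1, "broad": 2}
    findings.sort(key=lambda f: (order[f["risk"]], f["name"]))
    return inventory, findings

# Constructed sample manifest (not from the page).
SAMPLE = json.dumps({"name": "demo", "dependencies": {
    "express": "4.16.0", "lodash": "^4.17.15", "axios": "*",
    "left-pad": "latest", "internal-lib": "git+https://git.example.test/x/lib.git",
    "shorthand": "someuser/somerepo#main"},
    "devDependencies": {"jest": ">=26 <28", "webpack": "4.x"}})

if __name__ == "__main__":
    for f in snapshot(SAMPLE)[1]:
        print(f"{f['risk']:9} {f['name']:14} {f['spec']}")
```

Under these rules the page's own sample package.json produces no findings, because every entry is an exact version. Exact pins in a manifest do not constrain transitive dependencies, which is one reason a manifest-level check stops short of a full vulnerability scan.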