/sentinel:package-risk

Package Risk Analysis

Analyzes an installed package's source code for suspicious behavior patterns — eval calls, network requests, environment access, and obfuscation.

What it does

Inspects actual source code, not just metadata

Detects supply chain attack patterns

Supports JS, Python, Rust, and Go ecosystems

Other Sentinel skills

/sentinel:assessSecurity AssessmentAssesses your project's security surface — detects stack, package managers, security tooling, and integrations. Generates config for ongoing scanning.

/sentinel:scanFull Security ScanCombines Semgrep static analysis and dependency audit. Writes findings to tasks-plans/tasks.md with severity mapping.

/sentinel:audit-depsDependency CVE AuditFocused vulnerability audit. Reports CVEs with installed/fixed versions and exact upgrade commands.

/sentinel:headersHTTP Security HeadersAnalyzes security headers for a given URL. Context-aware grading based on exploitable risk, not checkbox compliance.

Get Started Back to Sentinel