Skip to content

Product
Enterprise
Pricing
Resources

Enterprise
Pricing

Product

Agents
Enterprise
Code Review
Cloud
Tab
CLI
Pricing

Resources

Download
Changelog
Docs
Forum ↗
Status ↗
Future ↗
Marketplace

Company

Careers
Blog
Community
Students
Brand
Anysphere ↗

Legal

Terms of Service
Privacy Policy
Data Use
Security

Connect

X ↗
LinkedIn ↗
YouTube ↗

© 2026 Anysphere, Inc.🛡︎ SOC 2 Certified

jfrog-package-safety-and-download | Cursor Skill

/

Created by JFrogVerified by CursorView Source

/

jfrog-package-safety-and-download

Cursor Skill

Check JFrog Public Catalog and stored packages for a version, interpret catalog security signals, and download through Artifactory (JFrog Platform locations, remote cache, curation-aware package managers, or repo proxy). Use when the user asks whether a package is safe, allowed, curated, or wants to download npm, Maven, PyPI, Go, or similar packages via JFrog. Do NOT use for pure CVE or vulnerability lookups (e.g. "details on CVE-2021-23337") — those are handled by the jfrog skill's Public security domain queries without this workflow.

JFrog Platform integration with MCP, security skills, supply-chain best practices, and JFrog Agent Guard governance for adding, removing, and listing MCP servers.

Created by JFrogVerified by CursorView Source

jfrogInteract with the JFrog Platform via the JFrog CLI, JFrog MCP server and REST/GraphQL APIs. Use this skill when the user wants to manage Artifactory repositories, upload or download artifacts, manage builds, configure permissions, manage users and groups, work with access tokens, configure JFrog CLI servers, search artifacts, manage properties, set up replication, manage JFrog Projects, run security audits or scans, look up CVE details, query exposures scan results from JFrog Advanced Security, manage release bundles and lifecycle operations, aggregate or export platform data, or perform any JFrog Platform administration task. Also use when the user mentions jf, jfrog, artifactory, xray, distribution, evidence, apptrust, onemodel, graphql, workers, mission control, curation, advanced security, exposures, or any JFrog product name.

jfrog-package-safety-and-downloadCheck JFrog Public Catalog and stored packages for a version, interpret catalog security signals, and download through Artifactory (JFrog Platform locations, remote cache, curation-aware package managers, or repo proxy). Use when the user asks whether a package is safe, allowed, curated, or wants to download npm, Maven, PyPI, Go, or similar packages via JFrog. Do NOT use for pure CVE or vulnerability lookups (e.g. "details on CVE-2021-23337") — those are handled by the jfrog skill's Public security domain queries without this workflow.

supply-chain-securityAudits dependencies and artifacts for vulnerabilities, license compliance, and curation policy violations using JFrog Platform data.

sessionstartHook: sessionStart

jfrog-securitySupply-chain security practices when adding or updating dependencies