技能详情(站内镜像,无评论)
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v1.0.1
统计:⭐ 0 · 44 · 1 current installs · 1 all-time installs
⭐ 0
安装量(当前) 1
🛡 VirusTotal :可疑 · OpenClaw :可疑
Package:axelhu/dependency-tracker
安全扫描(ClawHub)
- VirusTotal :可疑
- OpenClaw :可疑
OpenClaw 评估
The skill's checks and reports match its description, but it expects to send reports to Feishu while declaring no credentials or delivery mechanism — this mismatch should be clarified before installation.
目的
The stated purpose (weekly checks of Node.js/npm and global packages) aligns with the listed commands in references/spec.md (node -v, npm -v, npm list -g, npm outdated). However the SKILL.md requires delivering the report to a Feishu channel/ID even though the skill declares no credentials, webhook, or messaging dependency — that delivery requirement is out of band with the declared requirements.
说明范围
Instructions are concrete and scoped to running local shell commands and writing a Markdown report under data/exec-logs/*. The skill reads the included references/spec.md (present). The only out-of-scope element is the unspecified report delivery step: it mandates sending to Feishu but provides no delivery method, tokens, or API endpoints. The skill also requires listing globally installed packages (npm list -g), which legitimately reveals ins…
安装机制
This is an instruction-only skill with no install spec and no code files, so nothing will be written or executed by an install step. That is proportionate to the described functionality.
证书
The SKILL.md explicitly requires sending messages to Feishu (channel + target ID) but the skill metadata lists no required environment variables or credentials. Either the skill assumes the agent already has Feishu integration (possible) or it silently expects credentials to be supplied elsewhere. This mismatch is a security and operational concern. Additionally, the skill reads/writes local files and lists global npm packages — those actions …
持久
The skill is not always-enabled and does not request persistent or elevated platform privileges. It writes report files under data/exec-logs/* (its own output path) which is normal for a reporting skill.
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「Dependency Tracker」。简介:每周依赖检查。检查 Node.js、npm 版本和全局包是否有可用更新。触发时机:cron 定时任务或手动调用。。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/axelhu/dependency-tracker/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
---
name: dependency-tracker
version: 1.0.0
description: 每周依赖检查。检查 Node.js、npm 版本和全局包是否有可用更新。触发时机:cron 定时任务或手动调用。
---
# Dependency Tracker
每周检查项目依赖是否有更新,确保安全和兼容性。
## 核心流程
1. 读取 references/spec.md 获取详细规范
2. 检查 Node.js 版本
3. 检查 npm 版本
4. 检查全局安装的包
5. 运行 npm outdated 检查可更新包
6. 生成报告并发送
## 触发时机
- cron 定时任务(建议每周)
- 用户明确要求时
## 投递规则(必须)
完成报告后,通过消息工具发送。
- 渠道:feishu
- 目标:<飞书群ID或用户ID>
如果报告超过 3800 字符,分成多条消息发送。
每条消息必须语义完整(不断开 URL 或格式)。
如果发送失败,重试一次。如果仍然失败,输出错误——永远不要静默退出。
## 输出
- 报告位置:`data/exec-logs/dependency-tracker/YYYY-MM-DD.md`
- 消息推送到飞书群