← Back to Skills Marketplace
mahimairaja

envoic

by Mahimai Raja J · GitHub ↗ · v0.0.9
cross-platform ⚠ suspicious
384
Downloads
1
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install envoic
Description
Scan, audit, and clean up Python virtual environments (.venv, conda), node_modules, and development artifacts consuming disk space. Use when the user mention...
README (SKILL.md)

envoic - Environment Scanner and Cleanup Skill

Use envoic to discover and safely clean Python virtual environments, node_modules, and development artifacts.

Quick Start

uvx envoic scan .
uvx envoic manage . --dry-run
npx envoic scan . --deep

If uvx is unavailable, install Python package with pip install envoic. If npx is unavailable, install JS package with npm install -g envoic.

Primary Workflows

1) Onboarding Health Check

  1. Run uvx envoic info .venv (or npx envoic info node_modules).
  2. If environment is broken or stale, propose delete-and-recreate steps.

2) Disk Space Recovery

  1. Run uvx envoic scan \x3Croot> --deep and/or npx envoic scan \x3Croot> --deep.
  2. Identify largest stale candidates.
  3. Run manage --dry-run, then actual cleanup only after confirmation.

3) Build/Test Artifact Cleanup

  1. Scan project root.
  2. Prefer deleting SAFE artifacts first.
  3. Warn for CAREFUL artifacts.

Safety Contract

  1. Always scan before delete.
  2. Prefer --dry-run before destructive operations.
  3. Never delete lock files or project manifest files.
  4. Require explicit user confirmation for non-dry-run cleanup.

See full policy in references/safety.md.

Verified Trigger Phrases

  • "Find and remove stale virtualenvs"
  • "Clean old node_modules and caches"
  • "I hit ENOSPC, free up disk from dev artifacts"
  • "Audit environment sprawl in this workspace"
  • "Check if this .venv is broken"
  • "List largest build artifacts"
  • "Dry-run cleanup plan for Python and JS"
  • "Find dangling venv symlinks"
  • "Clean test/build caches safely"
  • "Generate JSON report for stale environments"

References

  • Full command catalog: references/commands.md
  • Safety and risk tiers: references/safety.md
  • Troubleshooting and fallbacks: references/troubleshooting.md

Tool-Specific Surface Files

  • Codex: .agents/skills/envoic/SKILL.md (symlink/copy of this skill)
  • Cursor: .cursorrules (generated adapter)
  • Copilot: .github/copilot-instructions.md (generated adapter)
  • Claude: .claude-plugin/plugins.yaml (generated adapter)
Usage Guidance
This skill's functionality (finding and cleaning venvs/node_modules) looks coherent, but take these precautions before installing or running any commands it suggests: 1) Clarify the mismatch between the registry metadata (no required binaries) and the SKILL.md (which requires uvx/pip and npx/npm). 2) Do not run curl | sh installers without verifying the remote source — prefer installing from official package registries (PyPI/NPM) or inspection of the package repository. 3) Because the skill performs destructive operations, ensure you always run --dry-run first and confirm exact deletion targets; back up important projects before allowing deletions. 4) Verify the envoic package repository (the SKILL.md lists a GitHub URL but the registry entry has no homepage) and inspect the actual package code before installing. 5) If you allow an agent to invoke this skill autonomously, restrict it to read-only/dry-run actions until you’ve validated behavior. If you want, I can help: check whether envoic exists on PyPI/NPM, fetch and summarize the GitHub repo, or parse the SKILL.md for exact commands to preview what will run.
Capability Analysis
Type: OpenClaw Skill Name: envoic Version: 0.0.9 The skill bundle is classified as suspicious due to the inclusion of a `curl | sh` command for installing the `uv` dependency, found in `references/troubleshooting.md`. While this is a common method for installing `uv`, it represents a significant supply chain vulnerability (Remote Code Execution risk) as it directly executes arbitrary code fetched from a remote server (`https://astral.sh/uv/install.sh`). Although the skill's primary purpose and safety instructions (e.g., dry-runs, user confirmation) appear benign and well-intentioned, this high-risk installation method for a core dependency makes the bundle suspicious, as per the critical distinction between vulnerabilities and malice.
Capability Assessment
Purpose & Capability
The SKILL.md describes an environment-scanning/cleanup tool (Python venvs, node_modules, caches) which matches the name and description. However the registry metadata claims no required binaries while the SKILL.md explicitly requires uvx or pip and npx or npm for various tasks — this mismatch is unexpected and should be clarified.
Instruction Scope
Runtime instructions focus on scanning, dry-run management, and explicit confirmation before deletion. The safety policy forbids deleting lockfiles/manifests and pushes dry-run first, which limits destructive scope. The skill does not instruct exfiltration or contacting external endpoints for data transfer in its core workflows.
Install Mechanism
The package is instruction-only (no install spec), which lowers automatic risk, but references/troubleshooting suggests running a remote installer via curl -LsSf https://astral.sh/uv/install.sh | sh. Recommending piping a remote script to sh is a risky practice and should be treated cautiously. The skill also advises installing packages from pip/npm; without a verified repository/homepage those recommendations are harder to validate.
Credentials
No environment variables, credentials, or config paths are requested. The skill's operations (filesystem scanning and deletes) don't require secrets, so the lack of credential requests is proportionate.
Persistence & Privilege
The skill is not marked always:true and does not request persistent system-wide changes in its files. It's instruction-only and user-invocable; autonomous invocation is enabled by default on the platform but is not combined here with broad privileges or credentials.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install envoic
  3. After installation, invoke the skill by name or use /envoic
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.0.9
envoic 0.0.9 Changelog - Expanded to support both Python (venv, conda) and JavaScript (node_modules) environments. - Added disk space scanning and cleanup for virtual environments, node_modules, and development artifacts. - Introduced verified trigger phrases for easier discovery during workspace health checks and cleanups. - Emphasized safety: requires scans and dry-runs before destructive actions, and explicit confirmation for cleanup. - Provided quick start examples and detailed, workflow-oriented usage documentation.
Metadata
Slug envoic
Version 0.0.9
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is envoic?

Scan, audit, and clean up Python virtual environments (.venv, conda), node_modules, and development artifacts consuming disk space. Use when the user mention... It is an AI Agent Skill for Claude Code / OpenClaw, with 384 downloads so far.

How do I install envoic?

Run "/install envoic" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is envoic free?

Yes, envoic is completely free (open-source). You can download, install and use it at no cost.

Which platforms does envoic support?

envoic is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created envoic?

It is built and maintained by Mahimai Raja J (@mahimairaja); the current version is v0.0.9.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments