← Back to Skills Marketplace
Skill Dependency Fixer
by
Christian Teo
· GitHub ↗
· v2.0.9
· MIT-0
125
Downloads
1
Stars
0
Active Installs
16
Versions
Install in OpenClaw
/install skill-dep-fixer
Description
Scan installed OpenClaw skills for missing npm, pip, brew, or system dependencies and auto-install fixable ones.
Usage Guidance
This skill's goal is reasonable, but treat it as suspicious until you verify the implementation: 1) Confirm the GitHub repository and author (SKILL.md references a GitHub repo and a Homebrew tap 'christianteohx' — inspect them manually). 2) Prefer running the tool in --dry-run or review any generated Node.js project before executing or installing. 3) Do not run curl|sh or install binaries from unverified releases; prefer official package sources. 4) Be aware that --fix will invoke brew/npm/pip globally and may require privileges or change system state; run under a non-privileged account or in a disposable environment (VM/container) first. 5) Ask the maintainer to fix the metadata mismatch (node declared in SKILL.md but not in registry) and to make explicit whether the agent should auto-run installers or only produce an audit. If you want this skill to run automatically, require explicit confirmation before any system installs.
Capability Analysis
Type: OpenClaw Skill
Name: skill-dep-fixer
Version: 2.0.9
The skill-dep-fixer bundle instructs the agent to generate a CLI tool that automatically installs system and language-level dependencies (brew, npm, pip) by parsing local markdown files. It also directs the agent to perform system-level updates (e.g., 'brew upgrade', 'clawhub update') and suggests installing a binary from a personal GitHub repository (christianteohx/skill-dep-fixer) via curl. While framed as a maintenance utility, the automated execution of package managers and the instruction for the agent to modify the host environment represent high-risk behaviors that could be exploited if malicious skill metadata is present.
Capability Assessment
Purpose & Capability
The skill's high-level purpose matches the instructions: scanning ~/.openclaw for SKILL.md and detecting npm/pip/brew/bin issues is coherent. However, the SKILL.md frontmatter claims it requires the 'node' binary (metadata.openclaw.requires.bins: ["node"]) while the registry metadata you provided lists no required binaries — that mismatch should be resolved.
Instruction Scope
The SKILL.md tells the agent to 'generate a complete Node.js CLI project' and to scan and then optionally auto-fix dependencies by invoking system package managers (brew, npm -g, pip). 'Generate a project' is vague and implies writing files to disk; auto-fixing implies running system-wide installers that may require elevated privileges. It also instructs use of clawhub inspect/update which fetches and modifies other skills' SKILL.md. The instructions therefore go beyond read-only scanning into creating code and performing system-level package operations — this is a scope expansion that should be explicit and gated.
Install Mechanism
There is no install spec (instruction-only), but the document recommends installing the tool from a third-party Homebrew tap and via curl from GitHub releases. These recommended install mechanisms (third-party tap, direct curl-to-binary) are higher-risk and should be treated with caution. Because the skill will tell the agent how to install and run code it generates or downloads, there's potential to execute arbitrary code if the sources are untrusted.
Credentials
The skill declares no required environment variables or credentials (registry metadata), which is appropriate for its stated purpose. However, the SKILL.md's metadata claims node is required but that wasn't declared in the registry metadata — a minor proportionality mismatch. The instructions do not request secrets, which is good.
Persistence & Privilege
always:false (no permanent forced presence). The skill allows autonomous invocation (default), so an agent could run the --fix flow and perform system installs without explicit additional confirmation unless the platform prevents that. Combining autonomous invocation with system package operations increases blast radius; prefer requiring explicit user confirmation for fixes and running dry-run by default.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install skill-dep-fixer - After installation, invoke the skill by name or use
/skill-dep-fixer - Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.0.9
- Added a new section in SKILL.md with instructions for keeping packages updated when using Homebrew, npm, or pip tools
- No changes to code logic; documentation improvement only
- Output and install instructions remain unchanged
v2.0.8
- Updated installation instructions in SKILL.md for improved clarity.
- Changed "Install (Homebrew):" to "Homebrew (recommended):"
- Reformatted install methods (Homebrew, direct binary, npm, build from source) with updated section headers.
- No code or behavioral changes; documentation update only.
v2.0.7
- Updated SKILL.md to use code blocks for command examples and code snippets, improving readability.
- Replaced previous plaintext command lists and examples with formatted code sections for installation and configuration instructions.
- No changes to logic, features, or functionality. Documentation/formatting update only.
v2.0.6
- Formatting and section layout of SKILL.md improved for clarity and consistency.
- Command list updated to use clearer, consistent bullet formatting.
- Detection and fix logic instructions simplified and made more concise.
- Example frontmatter restructured for better YAML format readability.
- No core logic or behavior changes; documentation only.
v2.0.5
- Documentation formatting improved in SKILL.md for easier reading.
- CLI commands in usage instructions are now consistently formatted as code blocks.
- No changes to logic or functionality; update affects documentation only.
v2.0.4
- Improved documentation and formatting in SKILL.md for clarity and readability.
- Added example for metadata.openclaw.install frontmatter.
- Documented CLI commands and output instructions using code blocks and tables.
- No code or functionality changes—documentation update only.
v2.0.3
- Updated installation instructions in the Output section to include Homebrew and direct binary methods.
- Provided multiple installation and usage methods: Homebrew, direct download, npm, and build from source.
- Clarified output instructions to be more concise and user-oriented.
- Minor formatting and language improvements throughout documentation.
v2.0.2
- Major rewrite of SKILL.md to define a generator for a Node.js CLI tool, not just a consumer of it.
- CLI is now specified as self-contained, requiring only Node.js (no longer git or npm required to use).
- Dependency handling and scan instructions now focus on generating a new skill-dep-fixer CLI project.
- Clarifies trigger phrases, output formats, scan logic, and exit codes for consistent automated behavior.
- Usage directions updated: explains running, installation, and testing of the generated CLI tool.
v2.0.1
- Improved documentation and usage instructions for skill-dep-fixer.
- Clarifies when to use the skill and lists new trigger phrases.
- Provides detailed dependency check examples for npm, pip, brew, and system binaries.
- Explains dependency declaration format in SKILL.md, with real YAML examples.
- Lists expected outputs and possible exit codes for users and automation.
- Adds homepage URL and declares required system commands for smoother setup.
v2.0.0
Major update: skill-dep-fixer 2.0.0 introduces a powerful CLI tool for auto-fixing skill dependencies.
- Now generates a self-contained Node.js CLI (`skill-dep-fixer.js`) to scan, detect, and auto-fix missing dependencies for OpenClaw skills.
- Supports scanning both npm, pip, brew, and system binaries declared in skill `SKILL.md` files.
- Provides multiple commands: `--dry-run`, `--fix`, `--skill <name>`, `--json`, `--report`, and `--help`.
- Pure JavaScript/Node.js implementation with zero external runtime dependencies.
- Outputs easy-to-read tables, Discord-formatted reports, and machine-readable JSON.
- Exposes trigger phrases such as "fix skill dependencies" and "openclaw doctor" to invoke the skill.
- Updated usage instructions and install/test info included post-generation.
v1.5.0
Fix SKILL.md metadata inconsistencies: change requires.anyBins to requires.bins (matches parser), replace kind:shell install entry with kind:npm entries for chalk and js-yaml. Aligns declaration with actual parser behavior.
v1.4.0
Sanitize all interpolated values in check commands with shellQuote(). Prevents SKILL.md injection via read-only check operations (which, brew list, npm list, pip show).
v1.3.0
Remove installCommand() and dead run() helper. All installs use shellQuote-protected functions. Eliminate all raw exec string building paths.
v1.2.0
Security fix: use shell-quoted installer. Eliminates command injection from malformed SKILL.md entries.
v1.1.0
Bundle code + deps in skill. Fix security flag.
v1.0.0
Initial release
Metadata
Frequently Asked Questions
What is Skill Dependency Fixer?
Scan installed OpenClaw skills for missing npm, pip, brew, or system dependencies and auto-install fixable ones. It is an AI Agent Skill for Claude Code / OpenClaw, with 125 downloads so far.
How do I install Skill Dependency Fixer?
Run "/install skill-dep-fixer" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Skill Dependency Fixer free?
Yes, Skill Dependency Fixer is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Skill Dependency Fixer support?
Skill Dependency Fixer is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Skill Dependency Fixer?
It is built and maintained by Christian Teo (@christianteohx); the current version is v2.0.9.
More Skills