sky-lv

Package Updater

by SKY-lv · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Downloads: 46 · Stars: 0 · Active Installs: 1 · Versions: 1
Install in OpenClaw
/install package-updater
Description
Auto-checks and updates outdated dependencies. Shows changelogs and breaking changes before updating. Triggers: update dependencies, upgrade packages, check...
Usage Guidance
This skill appears to do what it says, but the SKILL.md assumes tools (npm, pip, cargo, go, git) and test commands exist while the metadata declares none—ask the publisher to clarify required binaries and exact update/test/commit commands. Before running: (1) run it on a non-critical branch or clone, (2) ensure you have backups and CI or tests configured, (3) verify the tool will prompt for confirmation before applying major updates, and (4) prefer running manually the first time to review the generated report and changelogs. If you need higher assurance, request explicit declarations of required binaries, sample commands the skill will run, and whether it will push commits automatically or only prepare local commits for review.
Capability Analysis
Type: OpenClaw Skill
Name: package-updater
Version: 1.0.0
The skill is a standard dependency management utility designed to check for and update outdated packages across various ecosystems (npm, pip, cargo, go). The instructions in SKILL.md follow best practices, such as performing risk assessments, reporting changes before execution, and running tests, with no evidence of malicious intent, data exfiltration, or unauthorized execution.
Capability Assessment
Purpose & Capability
The name/description (auto-checks and updates dependencies) aligns with the instructions (detect package manager, run outdated checks, update in stages). However the metadata declares no required binaries while the runtime instructions expect npm, pip, cargo, go toolchain and git to exist. That mismatch is unexplained.
Instruction Scope
Instructions stay within the stated purpose (scanning manifests, running package manager outdated commands, assessing risk, updating, running tests, committing). They do not attempt to exfiltrate data or contact unexpected endpoints. Concerns: the doc is vague about where to run (project root detection), what test command to run, how to perform updates exactly (which update commands to invoke), and it assumes committing is acceptable and that a VCS exists. Those gaps grant broad agent discretion which could lead to unexpected changes if not constrained.
Install Mechanism
Instruction-only skill with no install spec or code files, so nothing is written to disk by the skill itself. This is low install risk.
Credentials
No environment variables or credentials are requested, which is appropriate. However the skill implicitly requires access to local developer tools (npm, pip, cargo, go, git) and network access to package registries; these are not declared in the metadata. That omission reduces transparency and could surprise users.
Persistence & Privilege
always:false and no install steps mean the skill does not request permanent privileged presence. It does instruct committing changes to the repository, which modifies user data, but this is normal for a dependency updater if the user consents.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install package-updater
  3. After installation, invoke the skill by name or use /package-updater
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of skylv-dependency-updater.
- Scans project dependencies for updates across multiple package managers (npm, pip, cargo, go).
- Displays changelogs and highlights breaking changes before updating.
- Assesses update risk by distinguishing between patch, minor, and major version changes.
- Provides a structured update strategy: report first, staged updates, tests after each change, and separate commits per update.
- Triggered by user prompts like "update dependencies" or "check outdated".
Metadata
Slug package-updater
Version 1.0.0
License MIT-0
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is Package Updater?

Auto-checks and updates outdated dependencies. Shows changelogs and breaking changes before updating. Triggers: update dependencies, upgrade packages, check... It is an AI Agent Skill for Claude Code / OpenClaw, with 46 downloads so far.

How do I install Package Updater?

Run "/install package-updater" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Package Updater free?

Yes, Package Updater is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Package Updater support?

Package Updater is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Package Updater?

It is built and maintained by SKY-lv (@sky-lv); the current version is v1.0.0.
