← Back to Skills Marketplace
437
Downloads
0
Stars
4
Active Installs
1
Versions
Install in OpenClaw
/install npm
Description
Use npm for package install, version inspection, dist-tags, and safe publish flows. Use when working on OpenClaw or ClawHub package releases, validating publ...
README (SKILL.md)
npm
Use this skill for npm package operations with release-safe defaults.
Scope
- OpenClaw packages in this monorepo (core + plugins)
- ClawHub CLI package/release checks when npm is involved
- npm publish, dist-tag, and version verification
Guardrails
- Never publish from repo root unless explicitly requested for
openclaw. - For plugin-only releases, publish only changed plugins and keep
openclawuntouched. - For beta tags, publish matching beta versions (for example
2026.2.15-beta.1) with--tag beta. - Use
npm view \x3Cpkg> version --userconfig "$(mktemp)"for read-only verification. - If OTP is required, fetch it through the
1passwordskill in tmux before publish.
Quick Checks
npm --version
npm whoami
npm view openclaw version --userconfig "$(mktemp)"
OpenClaw Release-safe Flow
- Verify target package and local version:
npm view \x3Cpackage-name> version --userconfig "$(mktemp)"
node -p "require('./package.json').version"
- Publish from package directory only:
cd \x3Cpackage-dir>
npm publish --access public --otp="\x3Cotp>"
- Verify published version:
npm view \x3Cpackage-name> version --userconfig "$(mktemp)"
- For beta releases:
npm publish --access public --tag beta --otp="\x3Cotp>"
ClawHub Interop
- Use npm only for ClawHub package version/auth concerns.
- Use
clawhubCLI for skill search/install/update/publish workflows. - If both are needed: publish npm package first, then run
clawhubpublish/update commands.
Useful Commands
# Inspect package metadata
npm view \x3Cpackage-name> dist-tags --json --userconfig "$(mktemp)"
npm view \x3Cpackage-name> versions --json --userconfig "$(mktemp)"
# Manage dist-tags
npm dist-tag add \x3Cpackage-name>@\x3Cversion> beta
npm dist-tag add \x3Cpackage-name>@\x3Cversion> latest
# Verify current auth context
npm whoami
npm profile get --json
Usage Guidance
This skill is an instruction-only helper that runs your system npm and node commands; it is internally consistent. Before installing: ensure you trust the source (it will run npm publish/dist-tag/version commands if invoked), confirm you want Node/npm installed via brew/apt on your machine, and never allow automated publish steps without explicit review — the skill references OTPs and npm auth but does not store or request secrets itself. If you use an automated agent, restrict its ability to run publish commands unless you want releases to be performed autonomously.
Capability Analysis
Type: OpenClaw Skill
Name: npm
Version: 1.0.0
The npm skill bundle provides standard package management functionality for the OpenClaw ecosystem. It includes security-conscious guardrails, such as using temporary configurations via 'mktemp' for read-only operations and explicit instructions for handling OTPs and beta tags, with no evidence of malicious intent, data exfiltration, or unauthorized execution in SKILL.md or _meta.json.
Capability Assessment
Purpose & Capability
Name/description match the declared requirements: the skill needs the npm binary and offers npm publish/version/dist-tag flows. The brew/apt install entries for node/npm are proportionate to the stated purpose.
Instruction Scope
SKILL.md only instructs running npm/node commands and reading package.json (to check local version) — actions expected for package publishing and verification. It uses --userconfig "$(mktemp)" to avoid reading user npmrc and recommends fetching OTP from the 1password skill (an external credential retrieval workflow), which is reasonable. There are no instructions to read unrelated system files or exfiltrate data.
Install Mechanism
Install spec uses standard package managers (brew formula 'node' and apt package 'npm') which are appropriate and expected for ensuring npm is available. No remote downloads from arbitrary URLs or archive extraction are present.
Credentials
The skill declares no required environment variables or credentials. Commands reference user npm auth state (npm whoami, publish with OTP) which is natural for npm workflows; the skill does not demand unrelated secrets or config paths.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request persistent or elevated platform privileges or modify other skills' configuration. Autonomous invocation is enabled by default but is typical for skills of this type.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install npm - After installation, invoke the skill by name or use
/npm - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of the npm skill for package management and release workflows.
- Supports npm package install, version inspection, dist-tag management, and publishing with OTP safety.
- Provides guardrails for OpenClaw and plugin releases to prevent publishing errors.
- Includes step-by-step flow for release-safe publishing, including beta tag handling.
- Outlines integration points with ClawHub for seamless package management.
Metadata
Frequently Asked Questions
What is npm?
Use npm for package install, version inspection, dist-tags, and safe publish flows. Use when working on OpenClaw or ClawHub package releases, validating publ... It is an AI Agent Skill for Claude Code / OpenClaw, with 437 downloads so far.
How do I install npm?
Run "/install npm" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is npm free?
Yes, npm is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does npm support?
npm is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created npm?
It is built and maintained by jvy (@jvy); the current version is v1.0.0.
More Skills