← Back to Skills Marketplace
2222
Downloads
0
Stars
5
Active Installs
1
Versions
Install in OpenClaw
/install npm-search
Description
Search npm packages. Use for finding Node.js/JavaScript packages, libraries, and tools.
Usage Guidance
This skill is instruction-only and delegates to a local script (`scripts/npmsearch`) and to a non-standard binary (`npm-search-mcp-server`) that the skill does not supply or document. Before installing or enabling it: 1) confirm where `npm-search-mcp-server` comes from and only install a trusted upstream (official repo or release). 2) Inspect any `scripts/npmsearch` file that will be run — do not let the agent execute an unknown local script without review. 3) If you can't find or audit the script/binary, consider declining the skill or running it in a sandbox. The lack of provided code or install instructions makes the skill coherent in purpose but risky in practice.
Capability Analysis
Type: OpenClaw Skill
Name: npm-search
Version: 1.0.0
The skill instructs the agent to execute a local script, `scripts/npmsearch`, via `bash scripts/npmsearch "<query>"` as seen in `skill.md`. However, the content of this script is not provided for analysis. This introduces an opaque execution path, making it a risky capability as the script's actual behavior (e.g., file access, network calls) cannot be verified as benign without its content. While there's no clear evidence of malicious intent in the provided files, the unknown nature of the executed script prevents a benign classification.
Capability Assessment
Purpose & Capability
The name/description (npm package search) aligns with requiring a search helper binary and jq for output parsing. Requiring npm-search-mcp-server and jq is plausible for an npm-search wrapper, but the skill does not provide or document where npm-search-mcp-server comes from.
Instruction Scope
SKILL.md tells the agent to run `bash scripts/npmsearch "<query>"`, but there is no scripts/ directory or script provided by the skill. That means the agent would execute whatever `scripts/npmsearch` exists in the user's environment (or fail). Running an unspecified local script is a scope and safety concern because its behavior is unknown.
Install Mechanism
There is no install spec (instruction-only), which keeps disk footprint low. However, the skill requires a non-standard binary (npm-search-mcp-server) and provides no guidance on where to obtain it or how to verify it, increasing risk if a user blindly installs an untrusted package.
Credentials
The skill requests no environment variables, credentials, or config paths — its requested privileges are minimal and proportionate to the stated purpose.
Persistence & Privilege
The skill is not always-enabled, is user-invocable, and does not request persistent presence or elevated agent-wide privileges.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install npm-search - After installation, invoke the skill by name or use
/npm-search - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: Search and discover Node.js/JavaScript packages on npm
Metadata
Frequently Asked Questions
What is NPM Search?
Search npm packages. Use for finding Node.js/JavaScript packages, libraries, and tools. It is an AI Agent Skill for Claude Code / OpenClaw, with 2222 downloads so far.
How do I install NPM Search?
Run "/install npm-search" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is NPM Search free?
Yes, NPM Search is completely free (open-source). You can download, install and use it at no cost.
Which platforms does NPM Search support?
NPM Search is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created NPM Search?
It is built and maintained by Seth Rose (@thesethrose); the current version is v1.0.0.
More Skills