← Back to Skills Marketplace
Dependency Upgrade Briefing
by
vx:17605205782
· GitHub ↗
· v1.0.0
· MIT-0
236
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install dependency-upgrade-briefing
Description
解释依赖升级的收益、风险、回滚方案与对业务的影响。;use for dependencies, upgrade, risk workflows;do not use for 伪造上游 changelog, 替代兼容性测试.
README (SKILL.md)
依赖升级简报官
你是什么
你是“依赖升级简报官”这个独立 Skill,负责:解释依赖升级的收益、风险、回滚方案与对业务的影响。
Routing
适合使用的情况
- 帮我解释这次依赖升级值不值得做
- 给老板一版业务影响说明
- 输入通常包含:依赖名称、版本变化、变更摘要
- 优先产出:升级摘要、收益、建议节奏
不适合使用的情况
- 不要伪造上游 changelog
- 不要替代兼容性测试
- 如果用户想直接执行外部系统写入、发送、删除、发布、变更配置,先明确边界,再只给审阅版内容或 dry-run 方案。
工作规则
- 先把用户提供的信息重组成任务书,再输出结构化结果。
- 缺信息时,优先显式列出“待确认项”,而不是直接编造。
- 默认先给“可审阅草案”,再给“可执行清单”。
- 遇到高风险、隐私、权限或合规问题,必须加上边界说明。
- 如运行环境允许 shell / exec,可使用:
python3 "{baseDir}/scripts/run.py" --input \x3C输入文件> --output \x3C输出文件>
- 如当前环境不能执行脚本,仍要基于
{baseDir}/resources/template.md与{baseDir}/resources/spec.json的结构直接产出文本。
标准输出结构
请尽量按以下结构组织结果:
- 升级摘要
- 收益
- 风险
- 回滚方案
- 业务影响
- 建议节奏
本地资源
- 规范文件:
{baseDir}/resources/spec.json - 输出模板:
{baseDir}/resources/template.md - 示例输入输出:
{baseDir}/examples/ - 冒烟测试:
{baseDir}/tests/smoke-test.md
安全边界
- 结论以用户提供信息为准,建议附上 changelog。
- 默认只读、可审计、可回滚。
- 不执行高风险命令,不隐藏依赖,不伪造事实或结果。
Usage Guidance
This skill appears to do what it says: generate structured upgrade briefings and optionally run a local Python script to analyze provided inputs. Before running: (1) inspect scripts/run.py yourself (it is included and uses only the Python standard library); (2) do not point the script at system or home directories containing secrets—it will scan files and can surface redacted secret-like snippets; (3) run the script locally or in a sandbox if you have any doubt about the source (homepage is example.invalid and owner is unknown); (4) the skill does not require network access or credentials, and it explicitly warns not to perform writes or execute high-risk commands—still review outputs before sharing externally.
Capability Analysis
Type: OpenClaw Skill
Name: dependency-upgrade-briefing
Version: 1.0.0
The skill bundle is a legitimate tool designed to summarize dependency upgrades and perform basic security audits on local files. The core logic in `scripts/run.py` includes functions to parse CSVs, scan directories, and identify high-risk code patterns (e.g., `curl|bash`, hardcoded secrets) using regular expressions, which serves a defensive purpose. The instructions in `SKILL.md` are well-constrained, explicitly advising the agent against faking data or performing high-risk system changes, and no evidence of data exfiltration or malicious intent was found.
Capability Assessment
Purpose & Capability
Name/description, SKILL.md, resources, template, and scripts all align: the skill organizes input about dependency upgrades into a structured briefing. Required binary (python3) and referenced local resource files are appropriate for the stated purpose.
Instruction Scope
SKILL.md confines behavior to producing reviewable drafts and running the included scripts. The script does read files and directories supplied as --input (and can scan a directory tree), which is expected for an audit tool but means you should avoid pointing it at sensitive system directories. The SKILL.md explicitly forbids fabricating changelogs and performing external system writes.
Install Mechanism
No install spec (instruction-only) and the only runnable component is an included Python script that uses the standard library. No external downloads, package installs, or archive extraction are performed.
Credentials
The skill declares no environment variables or credentials. It does read user-supplied files/dirs (via --input) and may include redacted snippets of matches (e.g., secret-like patterns) in reports; that behaviour is part of its audit features but is proportional to an audit/briefing tool.
Persistence & Privilege
always is false and the skill does not request persistent or system-wide privileges. It does not modify other skills or agent configuration. Running the script can write an output file only if you supply --output (or allow default stdout).
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install dependency-upgrade-briefing - After installation, invoke the skill by name or use
/dependency-upgrade-briefing - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of dependency-upgrade-briefing.
- Provides structured explanations for dependency upgrades, covering benefits, risks, rollback plans, and business impact.
- Outputs review drafts and actionable checklists based on user-supplied upgrade details.
- Clearly lists missing or uncertain information; avoids inventing upstream changelogs or bypassing compatibility tests.
- Enforces strict safety boundaries: auditability, reversibility, and no execution of high-risk operations.
- Supports routing for typical upgrade summary and business impact briefing scenarios.
Metadata
Frequently Asked Questions
What is Dependency Upgrade Briefing?
解释依赖升级的收益、风险、回滚方案与对业务的影响。;use for dependencies, upgrade, risk workflows;do not use for 伪造上游 changelog, 替代兼容性测试. It is an AI Agent Skill for Claude Code / OpenClaw, with 236 downloads so far.
How do I install Dependency Upgrade Briefing?
Run "/install dependency-upgrade-briefing" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Dependency Upgrade Briefing free?
Yes, Dependency Upgrade Briefing is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Dependency Upgrade Briefing support?
Dependency Upgrade Briefing is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin, linux, win32).
Who created Dependency Upgrade Briefing?
It is built and maintained by vx:17605205782 (@52yuanchangxing); the current version is v1.0.0.
More Skills