← Back to Skills Marketplace
sxliuyu

Package Version Tracker

by SxLiuYu · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ⚠ suspicious
244
Downloads
0
Stars
1
Active Installs
3
Versions
Install in OpenClaw
/install package-version-tracker
Description
查询 npm 和 PyPI 包的版本信息、历史发布及依赖,支持版本比较和批量查询,响应快速无须 API key。
Usage Guidance
This skill appears to perform the described public-registry lookups and does not request secrets or local file access, so it is low-risk in terms of credential exfiltration. However, the documentation overstates features (mentions batch queries and dependency info) that the included script doesn't fully provide — that inconsistency could be sloppy engineering or indicate an incomplete/untested skill. Before installing: (1) review the script if you need batch queries or dependency details (it currently handles single-package queries only), (2) be aware it requires outbound network access to npmjs.org and pypi.org, and (3) if you require the advertised features, ask the author for an updated implementation or patch the script yourself. If you need a security-strong recommendation, treat this as untrusted code until you validate it works as advertised.
Capability Analysis
Type: OpenClaw Skill Name: package-version-tracker Version: 1.0.1 The skill bundle is a legitimate utility for querying npm and PyPI package information. The Python script (scripts/package_version_tracker.py) uses standard libraries to fetch data from official registries (registry.npmjs.org and pypi.org) and contains no evidence of malicious behavior, data exfiltration, or command injection vulnerabilities.
Capability Assessment
Purpose & Capability
Name and description match the included code: the Python script queries public npm and PyPI JSON endpoints and provides version info and a simple version-compare. However the SKILL.md/_meta.json claim support for batch queries and dependency details; the script does not implement batch processing or extract dependency lists as the docs imply.
Instruction Scope
SKILL.md instructs use of public registry APIs and lists rate limits and batch limits. The runtime instructions do not ask for any files, credentials, or unexpected endpoints. But there's a scope mismatch: SKILL.md promises dependency information and multi-package batch queries, while the script only handles single-package queries and returns limited fields.
Install Mechanism
No install spec, no downloads, and one small Python script packaged with the skill. No third-party installers or remote archives are used — low install risk.
Credentials
No environment variables, credentials, or config paths are requested. _meta.json lists 'network' permission which is appropriate for querying public registries.
Persistence & Privilege
Skill is not always-enabled, does not request elevated platform privileges, and does not modify other skills or system configuration.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install package-version-tracker
  3. After installation, invoke the skill by name or use /package-version-tracker
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Version 1.0.1 of Package Version Tracker - No file changes detected in this release. - Functionality, usage, and limitations remain unchanged.
v2.0.0
No changes detected in this version.
v1.0.0
Version 1.0.0 - Initial release of Package Version Tracker. - Supports querying npm and PyPI package versions, including latest version, release dates, and full version history. - Allows version comparison between two versions. - Enables batch querying for up to 10 packages at once. - No API key required; uses public registry APIs. - Rate limit set to 5 requests per second.
Metadata
Slug package-version-tracker
Version 1.0.1
License MIT-0
All-time Installs 1
Active Installs 1
Total Versions 3
Frequently Asked Questions

What is Package Version Tracker?

查询 npm 和 PyPI 包的版本信息、历史发布及依赖,支持版本比较和批量查询,响应快速无须 API key。 It is an AI Agent Skill for Claude Code / OpenClaw, with 244 downloads so far.

How do I install Package Version Tracker?

Run "/install package-version-tracker" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Package Version Tracker free?

Yes, Package Version Tracker is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Package Version Tracker support?

Package Version Tracker is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Package Version Tracker?

It is built and maintained by SxLiuYu (@sxliuyu); the current version is v1.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments