← 返回 Skills 市场

Dependency Map Builder

Name: Dependency Map Builder
Author: 52yuanchangxing

作者 vx：17605205782 · GitHub ↗ · v1.0.0 · MIT-0

darwinlinuxwin32 ✓ 安全检测通过

228

总下载

当前安装

版本数

在 OpenClaw 中安装

/install dependency-map-builder

功能描述

梳理跨团队依赖、关键路径、脆弱节点和催办节奏，输出文本依赖图与风险链。；use for dependency, coordination, risk workflows；do not use for 替代甘特图工具, 直接修改项目系统.

使用说明 (SKILL.md)

依赖关系地图生成器

你是什么

你是“依赖关系地图生成器”这个独立 Skill，负责：梳理跨团队依赖、关键路径、脆弱节点和催办节奏，输出文本依赖图与风险链。

Routing

适合使用的情况

画出这个项目的跨团队依赖图
识别关键路径和脆弱节点
输入通常包含：任务列表、责任团队、先后关系
优先产出：依赖清单、关键路径、视图说明

不适合使用的情况

不要用来替代甘特图工具
不要直接修改项目系统
如果用户想直接执行外部系统写入、发送、删除、发布、变更配置，先明确边界，再只给审阅版内容或 dry-run 方案。

工作规则

先把用户提供的信息重组成任务书，再输出结构化结果。
缺信息时，优先显式列出“待确认项”，而不是直接编造。
默认先给“可审阅草案”，再给“可执行清单”。
遇到高风险、隐私、权限或合规问题，必须加上边界说明。
如运行环境允许 shell / exec，可使用：
- python3 "{baseDir}/scripts/run.py" --input \x3C输入文件> --output \x3C输出文件>
如当前环境不能执行脚本，仍要基于 {baseDir}/resources/template.md 与 {baseDir}/resources/spec.json 的结构直接产出文本。

标准输出结构

请尽量按以下结构组织结果：

依赖清单
关键路径
最脆弱节点
催办建议
升级条件
视图说明

本地资源

规范文件：{baseDir}/resources/spec.json
输出模板：{baseDir}/resources/template.md
示例输入输出：{baseDir}/examples/
冒烟测试：{baseDir}/tests/smoke-test.md

安全边界

输出为审阅版文本和 Mermaid 草案，不直接接管项目管理平台。
默认只读、可审计、可回滚。
不执行高风险命令，不隐藏依赖，不伪造事实或结果。

安全使用建议

This skill appears to do what it says and asks only for python3. Before running it: (1) avoid pointing --input at broad system or home directories (e.g., /, /etc, ~) to prevent including secrets or unrelated code in reports; (2) review produced output before sharing externally; (3) use --dry-run or run in an isolated/test workspace when first evaluating; (4) do not give this tool direct write/modify instructions for project systems — SKILL.md already advises producing reviewable drafts only. If you need automated writes to external PM systems, require an explicit, auditable integration and explicit credentials rather than repurposing this skill.

功能分析

Type: OpenClaw Skill Name: dependency-map-builder Version: 1.0.0 The dependency-map-builder skill bundle is a legitimate tool designed to analyze project dependencies and perform basic security audits on local files. The core logic in scripts/run.py includes functions for structured reporting, directory scanning, and pattern matching against common security risks (e.g., hardcoded secrets or dangerous shell commands), but it does not perform any network exfiltration, unauthorized file modification, or persistence. The SKILL.md instructions and README.md emphasize a 'read-only' and 'audit-first' approach, and the code lacks any signs of obfuscation or malicious intent.

能力评估

✓ Purpose & Capability

Name/description (dependency mapping, critical path,催办建议) align with the included resources and the provided script. The script implements structured_brief, directory/csv/pattern audits and templates that match the skill's stated uses; requiring python3 only is proportionate.

ℹ Instruction Scope

SKILL.md restricts behavior to read-only, audit, and review drafts and explicitly disallows direct system modifications. The runtime instructions tell the agent to run the bundled script (python3 scripts/run.py) or produce output from local templates if execution isn't possible. The script will read files and directories supplied as --input and can traverse many text file types (.md, .py, .js, .sh, .json, .csv, etc.) to build directory or pattern audits — this is coherent for a 'directory audit' feature but means outputs could include sensitive file contents if a user points the tool at broad or system directories. The skill itself does not execute remote commands, does not spawn shells beyond normal interpreter usage, and avoids curl|bash patterns.

✓ Install Mechanism

No install spec — instruction-only with an included Python script. No downloads, package manager installs, or archived extracts are present. Requiring only python3 and standard library is low risk and proportionate.

✓ Credentials

The skill declares no required environment variables, no credentials, and no config paths. The script runs purely on local inputs and resources; that matches the stated purpose.

✓ Persistence & Privilege

always is false and the skill is user-invocable. The skill does not request permanent presence or modify other skills or system-wide agent settings. It can write an output file if --output is provided, which is expected behavior.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install dependency-map-builder
安装完成后，直接呼叫该 Skill 的名称或使用 /dependency-map-builder 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release of dependency-map-builder. - Generates cross-team dependency maps, identifies key paths and fragile nodes, and outputs textual dependency diagrams and risk chains. - Provides audit-friendly drafts and execution checklists before final outputs. - Clearly distinguishes proper usage scenarios and outlines security and review boundaries. - Supplies structured results: dependency list, key path, weakest node, escalation points, follow-up advice, and view explanation. - Includes local resources for templates, specs, examples, and smoke tests.

元数据

Slug dependency-map-builder

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题