← 返回 Skills 市场
mahimairaja

envoic

作者 Mahimai Raja J · GitHub ↗ · v0.0.9
cross-platform ⚠ suspicious
384
总下载
1
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install envoic
功能描述
Scan, audit, and clean up Python virtual environments (.venv, conda), node_modules, and development artifacts consuming disk space. Use when the user mention...
使用说明 (SKILL.md)

envoic - Environment Scanner and Cleanup Skill

Use envoic to discover and safely clean Python virtual environments, node_modules, and development artifacts.

Quick Start

uvx envoic scan .
uvx envoic manage . --dry-run
npx envoic scan . --deep

If uvx is unavailable, install Python package with pip install envoic. If npx is unavailable, install JS package with npm install -g envoic.

Primary Workflows

1) Onboarding Health Check

  1. Run uvx envoic info .venv (or npx envoic info node_modules).
  2. If environment is broken or stale, propose delete-and-recreate steps.

2) Disk Space Recovery

  1. Run uvx envoic scan \x3Croot> --deep and/or npx envoic scan \x3Croot> --deep.
  2. Identify largest stale candidates.
  3. Run manage --dry-run, then actual cleanup only after confirmation.

3) Build/Test Artifact Cleanup

  1. Scan project root.
  2. Prefer deleting SAFE artifacts first.
  3. Warn for CAREFUL artifacts.

Safety Contract

  1. Always scan before delete.
  2. Prefer --dry-run before destructive operations.
  3. Never delete lock files or project manifest files.
  4. Require explicit user confirmation for non-dry-run cleanup.

See full policy in references/safety.md.

Verified Trigger Phrases

  • "Find and remove stale virtualenvs"
  • "Clean old node_modules and caches"
  • "I hit ENOSPC, free up disk from dev artifacts"
  • "Audit environment sprawl in this workspace"
  • "Check if this .venv is broken"
  • "List largest build artifacts"
  • "Dry-run cleanup plan for Python and JS"
  • "Find dangling venv symlinks"
  • "Clean test/build caches safely"
  • "Generate JSON report for stale environments"

References

  • Full command catalog: references/commands.md
  • Safety and risk tiers: references/safety.md
  • Troubleshooting and fallbacks: references/troubleshooting.md

Tool-Specific Surface Files

  • Codex: .agents/skills/envoic/SKILL.md (symlink/copy of this skill)
  • Cursor: .cursorrules (generated adapter)
  • Copilot: .github/copilot-instructions.md (generated adapter)
  • Claude: .claude-plugin/plugins.yaml (generated adapter)
安全使用建议
This skill's functionality (finding and cleaning venvs/node_modules) looks coherent, but take these precautions before installing or running any commands it suggests: 1) Clarify the mismatch between the registry metadata (no required binaries) and the SKILL.md (which requires uvx/pip and npx/npm). 2) Do not run curl | sh installers without verifying the remote source — prefer installing from official package registries (PyPI/NPM) or inspection of the package repository. 3) Because the skill performs destructive operations, ensure you always run --dry-run first and confirm exact deletion targets; back up important projects before allowing deletions. 4) Verify the envoic package repository (the SKILL.md lists a GitHub URL but the registry entry has no homepage) and inspect the actual package code before installing. 5) If you allow an agent to invoke this skill autonomously, restrict it to read-only/dry-run actions until you’ve validated behavior. If you want, I can help: check whether envoic exists on PyPI/NPM, fetch and summarize the GitHub repo, or parse the SKILL.md for exact commands to preview what will run.
功能分析
Type: OpenClaw Skill Name: envoic Version: 0.0.9 The skill bundle is classified as suspicious due to the inclusion of a `curl | sh` command for installing the `uv` dependency, found in `references/troubleshooting.md`. While this is a common method for installing `uv`, it represents a significant supply chain vulnerability (Remote Code Execution risk) as it directly executes arbitrary code fetched from a remote server (`https://astral.sh/uv/install.sh`). Although the skill's primary purpose and safety instructions (e.g., dry-runs, user confirmation) appear benign and well-intentioned, this high-risk installation method for a core dependency makes the bundle suspicious, as per the critical distinction between vulnerabilities and malice.
能力评估
Purpose & Capability
The SKILL.md describes an environment-scanning/cleanup tool (Python venvs, node_modules, caches) which matches the name and description. However the registry metadata claims no required binaries while the SKILL.md explicitly requires uvx or pip and npx or npm for various tasks — this mismatch is unexpected and should be clarified.
Instruction Scope
Runtime instructions focus on scanning, dry-run management, and explicit confirmation before deletion. The safety policy forbids deleting lockfiles/manifests and pushes dry-run first, which limits destructive scope. The skill does not instruct exfiltration or contacting external endpoints for data transfer in its core workflows.
Install Mechanism
The package is instruction-only (no install spec), which lowers automatic risk, but references/troubleshooting suggests running a remote installer via curl -LsSf https://astral.sh/uv/install.sh | sh. Recommending piping a remote script to sh is a risky practice and should be treated cautiously. The skill also advises installing packages from pip/npm; without a verified repository/homepage those recommendations are harder to validate.
Credentials
No environment variables, credentials, or config paths are requested. The skill's operations (filesystem scanning and deletes) don't require secrets, so the lack of credential requests is proportionate.
Persistence & Privilege
The skill is not marked always:true and does not request persistent system-wide changes in its files. It's instruction-only and user-invocable; autonomous invocation is enabled by default on the platform but is not combined here with broad privileges or credentials.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install envoic
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /envoic 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.0.9
envoic 0.0.9 Changelog - Expanded to support both Python (venv, conda) and JavaScript (node_modules) environments. - Added disk space scanning and cleanup for virtual environments, node_modules, and development artifacts. - Introduced verified trigger phrases for easier discovery during workspace health checks and cleanups. - Emphasized safety: requires scans and dry-runs before destructive actions, and explicit confirmation for cleanup. - Provided quick start examples and detailed, workflow-oriented usage documentation.
元数据
Slug envoic
版本 0.0.9
许可证
累计安装 0
当前安装数 0
历史版本数 1
常见问题

envoic 是什么?

Scan, audit, and clean up Python virtual environments (.venv, conda), node_modules, and development artifacts consuming disk space. Use when the user mention... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 384 次。

如何安装 envoic?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install envoic」即可一键安装,无需额外配置。

envoic 是免费的吗?

是的,envoic 完全免费(开源免费),可自由下载、安装和使用。

envoic 支持哪些平台?

envoic 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 envoic?

由 Mahimai Raja J(@mahimairaja)开发并维护,当前版本 v0.0.9。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论