← 返回 Skills 市场
437
总下载
0
收藏
4
当前安装
1
版本数
在 OpenClaw 中安装
/install npm
功能描述
Use npm for package install, version inspection, dist-tags, and safe publish flows. Use when working on OpenClaw or ClawHub package releases, validating publ...
使用说明 (SKILL.md)
npm
Use this skill for npm package operations with release-safe defaults.
Scope
- OpenClaw packages in this monorepo (core + plugins)
- ClawHub CLI package/release checks when npm is involved
- npm publish, dist-tag, and version verification
Guardrails
- Never publish from repo root unless explicitly requested for
openclaw. - For plugin-only releases, publish only changed plugins and keep
openclawuntouched. - For beta tags, publish matching beta versions (for example
2026.2.15-beta.1) with--tag beta. - Use
npm view \x3Cpkg> version --userconfig "$(mktemp)"for read-only verification. - If OTP is required, fetch it through the
1passwordskill in tmux before publish.
Quick Checks
npm --version
npm whoami
npm view openclaw version --userconfig "$(mktemp)"
OpenClaw Release-safe Flow
- Verify target package and local version:
npm view \x3Cpackage-name> version --userconfig "$(mktemp)"
node -p "require('./package.json').version"
- Publish from package directory only:
cd \x3Cpackage-dir>
npm publish --access public --otp="\x3Cotp>"
- Verify published version:
npm view \x3Cpackage-name> version --userconfig "$(mktemp)"
- For beta releases:
npm publish --access public --tag beta --otp="\x3Cotp>"
ClawHub Interop
- Use npm only for ClawHub package version/auth concerns.
- Use
clawhubCLI for skill search/install/update/publish workflows. - If both are needed: publish npm package first, then run
clawhubpublish/update commands.
Useful Commands
# Inspect package metadata
npm view \x3Cpackage-name> dist-tags --json --userconfig "$(mktemp)"
npm view \x3Cpackage-name> versions --json --userconfig "$(mktemp)"
# Manage dist-tags
npm dist-tag add \x3Cpackage-name>@\x3Cversion> beta
npm dist-tag add \x3Cpackage-name>@\x3Cversion> latest
# Verify current auth context
npm whoami
npm profile get --json
安全使用建议
This skill is an instruction-only helper that runs your system npm and node commands; it is internally consistent. Before installing: ensure you trust the source (it will run npm publish/dist-tag/version commands if invoked), confirm you want Node/npm installed via brew/apt on your machine, and never allow automated publish steps without explicit review — the skill references OTPs and npm auth but does not store or request secrets itself. If you use an automated agent, restrict its ability to run publish commands unless you want releases to be performed autonomously.
功能分析
Type: OpenClaw Skill
Name: npm
Version: 1.0.0
The npm skill bundle provides standard package management functionality for the OpenClaw ecosystem. It includes security-conscious guardrails, such as using temporary configurations via 'mktemp' for read-only operations and explicit instructions for handling OTPs and beta tags, with no evidence of malicious intent, data exfiltration, or unauthorized execution in SKILL.md or _meta.json.
能力评估
Purpose & Capability
Name/description match the declared requirements: the skill needs the npm binary and offers npm publish/version/dist-tag flows. The brew/apt install entries for node/npm are proportionate to the stated purpose.
Instruction Scope
SKILL.md only instructs running npm/node commands and reading package.json (to check local version) — actions expected for package publishing and verification. It uses --userconfig "$(mktemp)" to avoid reading user npmrc and recommends fetching OTP from the 1password skill (an external credential retrieval workflow), which is reasonable. There are no instructions to read unrelated system files or exfiltrate data.
Install Mechanism
Install spec uses standard package managers (brew formula 'node' and apt package 'npm') which are appropriate and expected for ensuring npm is available. No remote downloads from arbitrary URLs or archive extraction are present.
Credentials
The skill declares no required environment variables or credentials. Commands reference user npm auth state (npm whoami, publish with OTP) which is natural for npm workflows; the skill does not demand unrelated secrets or config paths.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request persistent or elevated platform privileges or modify other skills' configuration. Autonomous invocation is enabled by default but is typical for skills of this type.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install npm - 安装完成后,直接呼叫该 Skill 的名称或使用
/npm触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of the npm skill for package management and release workflows.
- Supports npm package install, version inspection, dist-tag management, and publishing with OTP safety.
- Provides guardrails for OpenClaw and plugin releases to prevent publishing errors.
- Includes step-by-step flow for release-safe publishing, including beta tag handling.
- Outlines integration points with ClawHub for seamless package management.
元数据
常见问题
npm 是什么?
Use npm for package install, version inspection, dist-tags, and safe publish flows. Use when working on OpenClaw or ClawHub package releases, validating publ... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 437 次。
如何安装 npm?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install npm」即可一键安装,无需额外配置。
npm 是免费的吗?
是的,npm 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
npm 支持哪些平台?
npm 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 npm?
由 jvy(@jvy)开发并维护,当前版本 v1.0.0。
推荐 Skills