geoffrey-xiao

NPM Package Scanner

Author geoffrey-xiao · GitHub · v1.0.0 · MIT-0
cross-platform · ⚠ suspicious
Total downloads: 226
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw: /install npm-package-scan
Description
Scan npm packages used in a repository for risk, maintenance health, and upgrade concerns.
Safe-usage advice
This is an instruction-only repo-inspection skill that mostly does what it says: it reads package manifests and runs package-manager audits. Before using it, ensure the required tools (rg, jq, npm and, as currently declared, bun) are actually available; bun may be unnecessary for many projects but is declared mandatory. Be aware that npm/pnpm/yarn audit commands contact package registries (network activity) and may return noisy results; the skill does not request secrets. Also note that the skill references local helper files (references/*.md) that are not included. If you want to use it on a repo that uses pnpm or yarn, either install those tools or update the skill to declare them. If you're unsure, run the commands manually first to confirm outcomes and network behavior before granting the agent autonomous runs.
Functional analysis
Type: OpenClaw Skill
Name: npm-package-scanner
Version: 1.0.0
The NPM Package Scanner skill is a standard utility designed to audit repository dependencies for security and maintenance risks. It uses legitimate tools such as `rg`, `npm audit`, and `bun audit` to inspect manifest files (e.g., package.json) and identify vulnerabilities. The instructions in SKILL.md are transparent, align with the stated purpose, and include explicit constraints against modifying the environment without user permission.
Capability assessment
Purpose & Capability
The declared purpose (inspect package.json/lockfiles and run audits) aligns with the requested binaries (rg, jq, npm). However, bun is listed as a required binary even though many repos will not use Bun, while pnpm and yarn are referenced in the instructions but are not declared as required. Requiring bun as mandatory is disproportionate for a generic npm scanner and could cause unnecessary install failures.
Instruction Scope
Runtime instructions stay within the stated purpose: locate manifests, read package.json/locks, list dependencies, and run package-manager audits. The skill references local files (manifests, locks) and runs audit/list commands but does not instruct the agent to modify dependencies. Note: it references 'references/checklist.md' and 'references/commands.md' which are not present in the skill bundle.
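The two practical recommendations on this page, checking that the declared tools are present and dry-running the audit step by hand before letting the agent run it autonomously, can be scripted. The POSIX shell script below is an added example written for this page; it is not code from the skill bundle or its author. It assumes only the standard lockfile names of each package manager and the audit subcommands the changelog names (npm, pnpm, yarn, bun), and it deliberately does not execute the audit itself.

```shell
#!/bin/sh
# Added example, not part of the npm-package-scan skill bundle.
# Detects which package manager a repository uses from its lockfile, reports the
# audit command the skill would run, and checks that the declared tools exist.

# Print the package manager implied by lockfiles in $1: npm|pnpm|yarn|bun|unknown.
detect_pm() {
    dir="$1"
    if [ -f "$dir/bun.lockb" ] || [ -f "$dir/bun.lock" ]; then echo bun
    elif [ -f "$dir/pnpm-lock.yaml" ]; then echo pnpm
    elif [ -f "$dir/yarn.lock" ]; then echo yarn
    elif [ -f "$dir/package-lock.json" ] || [ -f "$dir/npm-shrinkwrap.json" ]; then echo npm
    else echo unknown
    fi
}

# Map a package manager to the audit command the skill's changelog lists.
# Returns 1 for an unrecognised manager so callers can refuse to guess.
audit_cmd() {
    case "$1" in
        npm)  echo "npm audit" ;;
        pnpm) echo "pnpm audit" ;;
        yarn) echo "yarn audit" ;;
        bun)  echo "bun audit" ;;
        *)    return 1 ;;
    esac
}

# Check that every named binary is on PATH. Prints the missing ones and
# returns 1 if any are absent, so the agent run can be refused up front.
missing_tools() {
    missing=""
    for t in "$@"; do
        command -v "$t" >/dev/null 2>&1 || missing="$missing $t"
    done
    [ -z "$missing" ] || { echo "missing:$missing"; return 1; }
}

# Dry-run plan for one repository: confirms a manifest exists, names the
# package manager and the registry-contacting audit command, then verifies
# the tools the skill declares (rg, jq) plus the detected manager itself.
plan() {
    dir="${1:-.}"
    [ -f "$dir/package.json" ] || { echo "no package.json in $dir"; return 1; }
    pm=$(detect_pm "$dir")
    cmd=$(audit_cmd "$pm") || { echo "no recognised lockfile in $dir; nothing to audit"; return 1; }
    echo "package manager: $pm"
    echo "audit command (contacts the package registry): $cmd"
    missing_tools rg jq "$pm" || return 1
}

# Usage: sh plan.sh /path/to/repo
if [ "$#" -gt 0 ]; then
    plan "$1"
fi
```

The plan only reports; the audit command it prints is the single network-touching step, so you can run it yourself and inspect its output before granting the agent autonomous runs. Declaring the detected manager as the required tool, rather than hard-coding bun, is the fix the capability assessment above asks for.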
Install Mechanism
Instruction-only skill with no install spec or code files — nothing is written to disk by the skill itself. This is low risk from an install perspective.
Credentials
No environment variables, credentials, or config paths are requested. The skill does not ask for secrets and only needs local repo access and standard developer tools.
Persistence & Privilege
`always` is false and the skill does not request any persistent agent-wide privileges. Autonomous invocation is allowed by default, but there are no elevated persistence claims.
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install npm-package-scan
  3. After installation, call the Skill by name directly or trigger it with /npm-package-scan
  4. Provide the required input according to the Skill's parameter description to get structured output
Version history
v1.0.0
Initial release of NPM Package Scanner.
- Scans npm packages in a repository for risk, maintenance issues, and upgrade concerns.
- Analyzes package manifests, lockfiles, and workspace configurations.
- Identifies risky, stale, or unnecessary dependencies and semver issues.
- Runs audit commands for npm, bun, pnpm, and yarn when available.
- Provides a structured summary of findings and actionable recommendations.
Metadata
Slug npm-package-scan
Version 1.0.0
License MIT-0
Total installs 0
Current installs 0
Number of versions 1
FAQ

What is NPM Package Scanner?

Scan npm packages used in a repository for risk, maintenance health, and upgrade concerns. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 226 downloads to date.

How do I install NPM Package Scanner?

Run the command "/install npm-package-scan" in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.

Is NPM Package Scanner free?

Yes, NPM Package Scanner is completely free, released under the MIT-0 license, and can be freely downloaded, installed and used.

Which platforms does NPM Package Scanner support?

NPM Package Scanner runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed NPM Package Scanner?

Developed and maintained by geoffrey-xiao (@geoffrey-xiao); current version v1.0.0.
