← 返回 Skills 市场
2222
总下载
0
收藏
5
当前安装
1
版本数
在 OpenClaw 中安装
/install npm-search
功能描述
Search npm packages. Use for finding Node.js/JavaScript packages, libraries, and tools.
安全使用建议
This skill is instruction-only and delegates to a local script (`scripts/npmsearch`) and to a non-standard binary (`npm-search-mcp-server`) that the skill does not supply or document. Before installing or enabling it: 1) confirm where `npm-search-mcp-server` comes from and only install a trusted upstream (official repo or release). 2) Inspect any `scripts/npmsearch` file that will be run — do not let the agent execute an unknown local script without review. 3) If you can't find or audit the script/binary, consider declining the skill or running it in a sandbox. The lack of provided code or install instructions makes the skill coherent in purpose but risky in practice.
功能分析
Type: OpenClaw Skill
Name: npm-search
Version: 1.0.0
The skill instructs the agent to execute a local script, `scripts/npmsearch`, via `bash scripts/npmsearch "<query>"` as seen in `skill.md`. However, the content of this script is not provided for analysis. This introduces an opaque execution path, making it a risky capability as the script's actual behavior (e.g., file access, network calls) cannot be verified as benign without its content. While there's no clear evidence of malicious intent in the provided files, the unknown nature of the executed script prevents a benign classification.
能力评估
Purpose & Capability
The name/description (npm package search) aligns with requiring a search helper binary and jq for output parsing. Requiring npm-search-mcp-server and jq is plausible for an npm-search wrapper, but the skill does not provide or document where npm-search-mcp-server comes from.
Instruction Scope
SKILL.md tells the agent to run `bash scripts/npmsearch "<query>"`, but there is no scripts/ directory or script provided by the skill. That means the agent would execute whatever `scripts/npmsearch` exists in the user's environment (or fail). Running an unspecified local script is a scope and safety concern because its behavior is unknown.
Install Mechanism
There is no install spec (instruction-only), which keeps disk footprint low. However, the skill requires a non-standard binary (npm-search-mcp-server) and provides no guidance on where to obtain it or how to verify it, increasing risk if a user blindly installs an untrusted package.
Credentials
The skill requests no environment variables, credentials, or config paths — its requested privileges are minimal and proportionate to the stated purpose.
Persistence & Privilege
The skill is not always-enabled, is user-invocable, and does not request persistent presence or elevated agent-wide privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install npm-search - 安装完成后,直接呼叫该 Skill 的名称或使用
/npm-search触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: Search and discover Node.js/JavaScript packages on npm
元数据
常见问题
NPM Search 是什么?
Search npm packages. Use for finding Node.js/JavaScript packages, libraries, and tools. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 2222 次。
如何安装 NPM Search?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install npm-search」即可一键安装,无需额外配置。
NPM Search 是免费的吗?
是的,NPM Search 完全免费(开源免费),可自由下载、安装和使用。
NPM Search 支持哪些平台?
NPM Search 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 NPM Search?
由 Seth Rose(@thesethrose)开发并维护,当前版本 v1.0.0。
推荐 Skills