← 返回 Skills 市场
sky-lv

Package Updater

作者 SKY-lv · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
46
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install package-updater
功能描述
Auto-checks and updates outdated dependencies. Shows changelogs and breaking changes before updating. Triggers: update dependencies, upgrade packages, check...
安全使用建议
This skill appears to do what it says, but the SKILL.md assumes tools (npm, pip, cargo, go, git) and test commands exist while the metadata declares none—ask the publisher to clarify required binaries and exact update/test/commit commands. Before running: (1) run it on a non-critical branch or clone, (2) ensure you have backups and CI or tests configured, (3) verify the tool will prompt for confirmation before applying major updates, and (4) prefer running manually the first time to review the generated report and changelogs. If you need higher assurance, request explicit declarations of required binaries, sample commands the skill will run, and whether it will push commits automatically or only prepare local commits for review.
功能分析
Type: OpenClaw Skill Name: package-updater Version: 1.0.0 The skill is a standard dependency management utility designed to check for and update outdated packages across various ecosystems (npm, pip, cargo, go). The instructions in SKILL.md follow best practices, such as performing risk assessments, reporting changes before execution, and running tests, with no evidence of malicious intent, data exfiltration, or unauthorized execution.
能力评估
Purpose & Capability
The name/description (auto-checks and updates dependencies) aligns with the instructions (detect package manager, run outdated checks, update in stages). However the metadata declares no required binaries while the runtime instructions expect npm, pip, cargo, go toolchain and git to exist. That mismatch is unexplained.
Instruction Scope
Instructions stay within the stated purpose (scanning manifests, running package manager outdated commands, assessing risk, updating, running tests, committing). They do not attempt to exfiltrate data or contact unexpected endpoints. Concerns: the doc is vague about where to run (project root detection), what test command to run, how to perform updates exactly (which update commands to invoke), and it assumes committing is acceptable and that a VCS exists. Those gaps grant broad agent discretion which could lead to unexpected changes if not constrained.
Install Mechanism
Instruction-only skill with no install spec or code files, so nothing is written to disk by the skill itself. This is low install risk.
Credentials
No environment variables or credentials are requested, which is appropriate. However the skill implicitly requires access to local developer tools (npm, pip, cargo, go, git) and network access to package registries; these are not declared in the metadata. That omission reduces transparency and could surprise users.
Persistence & Privilege
always:false and no install steps mean the skill does not request permanent privileged presence. It does instruct committing changes to the repository, which modifies user data, but this is normal for a dependency-updater if user consents.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install package-updater
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /package-updater 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of skylv-dependency-updater. - Scans project dependencies for updates across multiple package managers (npm, pip, cargo, go). - Displays changelogs and highlights breaking changes before updating. - Assesses update risk by distinguishing between patch, minor, and major version changes. - Provides a structured update strategy: report first, staged updates, tests after each change, and separate commits per update. - Triggered by user prompts like "update dependencies" or "check outdated".
元数据
Slug package-updater
版本 1.0.0
许可证 MIT-0
累计安装 1
当前安装数 1
历史版本数 1
常见问题

Package Updater 是什么?

Auto-checks and updates outdated dependencies. Shows changelogs and breaking changes before updating. Triggers: update dependencies, upgrade packages, check... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 46 次。

如何安装 Package Updater?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install package-updater」即可一键安装,无需额外配置。

Package Updater 是免费的吗?

是的,Package Updater 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Package Updater 支持哪些平台?

Package Updater 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Package Updater?

由 SKY-lv(@sky-lv)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论