← 返回 Skills 市场
244
总下载
0
收藏
1
当前安装
3
版本数
在 OpenClaw 中安装
/install package-version-tracker
功能描述
查询 npm 和 PyPI 包的版本信息、历史发布及依赖,支持版本比较和批量查询,响应快速无须 API key。
安全使用建议
This skill appears to perform the described public-registry lookups and does not request secrets or local file access, so it is low-risk in terms of credential exfiltration. However, the documentation overstates features (mentions batch queries and dependency info) that the included script doesn't fully provide — that inconsistency could be sloppy engineering or indicate an incomplete/untested skill. Before installing: (1) review the script if you need batch queries or dependency details (it currently handles single-package queries only), (2) be aware it requires outbound network access to npmjs.org and pypi.org, and (3) if you require the advertised features, ask the author for an updated implementation or patch the script yourself. If you need a security-strong recommendation, treat this as untrusted code until you validate it works as advertised.
功能分析
Type: OpenClaw Skill
Name: package-version-tracker
Version: 1.0.1
The skill bundle is a legitimate utility for querying npm and PyPI package information. The Python script (scripts/package_version_tracker.py) uses standard libraries to fetch data from official registries (registry.npmjs.org and pypi.org) and contains no evidence of malicious behavior, data exfiltration, or command injection vulnerabilities.
能力评估
Purpose & Capability
Name and description match the included code: the Python script queries public npm and PyPI JSON endpoints and provides version info and a simple version-compare. However the SKILL.md/_meta.json claim support for batch queries and dependency details; the script does not implement batch processing or extract dependency lists as the docs imply.
Instruction Scope
SKILL.md instructs use of public registry APIs and lists rate limits and batch limits. The runtime instructions do not ask for any files, credentials, or unexpected endpoints. But there's a scope mismatch: SKILL.md promises dependency information and multi-package batch queries, while the script only handles single-package queries and returns limited fields.
Install Mechanism
No install spec, no downloads, and one small Python script packaged with the skill. No third-party installers or remote archives are used — low install risk.
Credentials
No environment variables, credentials, or config paths are requested. _meta.json lists 'network' permission which is appropriate for querying public registries.
Persistence & Privilege
Skill is not always-enabled, does not request elevated platform privileges, and does not modify other skills or system configuration.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install package-version-tracker - 安装完成后,直接呼叫该 Skill 的名称或使用
/package-version-tracker触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
Version 1.0.1 of Package Version Tracker
- No file changes detected in this release.
- Functionality, usage, and limitations remain unchanged.
v2.0.0
No changes detected in this version.
v1.0.0
Version 1.0.0
- Initial release of Package Version Tracker.
- Supports querying npm and PyPI package versions, including latest version, release dates, and full version history.
- Allows version comparison between two versions.
- Enables batch querying for up to 10 packages at once.
- No API key required; uses public registry APIs.
- Rate limit set to 5 requests per second.
元数据
常见问题
Package Version Tracker 是什么?
查询 npm 和 PyPI 包的版本信息、历史发布及依赖,支持版本比较和批量查询,响应快速无须 API key。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 244 次。
如何安装 Package Version Tracker?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install package-version-tracker」即可一键安装,无需额外配置。
Package Version Tracker 是免费的吗?
是的,Package Version Tracker 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Package Version Tracker 支持哪些平台?
Package Version Tracker 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Package Version Tracker?
由 SxLiuYu(@sxliuyu)开发并维护,当前版本 v1.0.1。
推荐 Skills