← 返回 Skills 市场

Skill Dependency Fixer

Name: Skill Dependency Fixer
Author: christianteohx

作者 Christian Teo · GitHub ↗ · v2.0.9 · MIT-0

cross-platform ⚠ suspicious

125

总下载

当前安装

版本数

在 OpenClaw 中安装

/install skill-dep-fixer

功能描述

Scan installed OpenClaw skills for missing npm, pip, brew, or system dependencies and auto-install fixable ones.

安全使用建议

This skill's goal is reasonable, but treat it as suspicious until you verify the implementation: 1) Confirm the GitHub repository and author (SKILL.md references a GitHub repo and a Homebrew tap 'christianteohx' — inspect them manually). 2) Prefer running the tool in --dry-run or review any generated Node.js project before executing or installing. 3) Do not run curl|sh or install binaries from unverified releases; prefer official package sources. 4) Be aware that --fix will invoke brew/npm/pip globally and may require privileges or change system state; run under a non-privileged account or in a disposable environment (VM/container) first. 5) Ask the maintainer to fix the metadata mismatch (node declared in SKILL.md but not in registry) and to make explicit whether the agent should auto-run installers or only produce an audit. If you want this skill to run automatically, require explicit confirmation before any system installs.

功能分析

Type: OpenClaw Skill Name: skill-dep-fixer Version: 2.0.9 The skill-dep-fixer bundle instructs the agent to generate a CLI tool that automatically installs system and language-level dependencies (brew, npm, pip) by parsing local markdown files. It also directs the agent to perform system-level updates (e.g., 'brew upgrade', 'clawhub update') and suggests installing a binary from a personal GitHub repository (christianteohx/skill-dep-fixer) via curl. While framed as a maintenance utility, the automated execution of package managers and the instruction for the agent to modify the host environment represent high-risk behaviors that could be exploited if malicious skill metadata is present.

能力评估

ℹ Purpose & Capability

The skill's high-level purpose matches the instructions: scanning ~/.openclaw for SKILL.md and detecting npm/pip/brew/bin issues is coherent. However, the SKILL.md frontmatter claims it requires the 'node' binary (metadata.openclaw.requires.bins: ["node"]) while the registry metadata you provided lists no required binaries — that mismatch should be resolved.

⚠ Instruction Scope

The SKILL.md tells the agent to 'generate a complete Node.js CLI project' and to scan and then optionally auto-fix dependencies by invoking system package managers (brew, npm -g, pip). 'Generate a project' is vague and implies writing files to disk; auto-fixing implies running system-wide installers that may require elevated privileges. It also instructs use of clawhub inspect/update which fetches and modifies other skills' SKILL.md. The instructions therefore go beyond read-only scanning into creating code and performing system-level package operations — this is a scope expansion that should be explicit and gated.

⚠ Install Mechanism

There is no install spec (instruction-only), but the document recommends installing the tool from a third-party Homebrew tap and via curl from GitHub releases. These recommended install mechanisms (third-party tap, direct curl-to-binary) are higher-risk and should be treated with caution. Because the skill will tell the agent how to install and run code it generates or downloads, there's potential to execute arbitrary code if the sources are untrusted.

ℹ Credentials

The skill declares no required environment variables or credentials (registry metadata), which is appropriate for its stated purpose. However, the SKILL.md's metadata claims node is required but that wasn't declared in the registry metadata — a minor proportionality mismatch. The instructions do not request secrets, which is good.

ℹ Persistence & Privilege

always:false (no permanent forced presence). The skill allows autonomous invocation (default), so an agent could run the --fix flow and perform system installs without explicit additional confirmation unless the platform prevents that. Combining autonomous invocation with system package operations increases blast radius; prefer requiring explicit user confirmation for fixes and running dry-run by default.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install skill-dep-fixer
安装完成后，直接呼叫该 Skill 的名称或使用 /skill-dep-fixer 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v2.0.9

- Added a new section in SKILL.md with instructions for keeping packages updated when using Homebrew, npm, or pip tools - No changes to code logic; documentation improvement only - Output and install instructions remain unchanged

v2.0.8

- Updated installation instructions in SKILL.md for improved clarity. - Changed "Install (Homebrew):" to "Homebrew (recommended):" - Reformatted install methods (Homebrew, direct binary, npm, build from source) with updated section headers. - No code or behavioral changes; documentation update only.

v2.0.7

- Updated SKILL.md to use code blocks for command examples and code snippets, improving readability. - Replaced previous plaintext command lists and examples with formatted code sections for installation and configuration instructions. - No changes to logic, features, or functionality. Documentation/formatting update only.

v2.0.6

- Formatting and section layout of SKILL.md improved for clarity and consistency. - Command list updated to use clearer, consistent bullet formatting. - Detection and fix logic instructions simplified and made more concise. - Example frontmatter restructured for better YAML format readability. - No core logic or behavior changes; documentation only.

v2.0.5

- Documentation formatting improved in SKILL.md for easier reading. - CLI commands in usage instructions are now consistently formatted as code blocks. - No changes to logic or functionality; update affects documentation only.

v2.0.4

- Improved documentation and formatting in SKILL.md for clarity and readability. - Added example for metadata.openclaw.install frontmatter. - Documented CLI commands and output instructions using code blocks and tables. - No code or functionality changes—documentation update only.

v2.0.3

- Updated installation instructions in the Output section to include Homebrew and direct binary methods. - Provided multiple installation and usage methods: Homebrew, direct download, npm, and build from source. - Clarified output instructions to be more concise and user-oriented. - Minor formatting and language improvements throughout documentation.

v2.0.2

- Major rewrite of SKILL.md to define a generator for a Node.js CLI tool, not just a consumer of it. - CLI is now specified as self-contained, requiring only Node.js (no longer git or npm required to use). - Dependency handling and scan instructions now focus on generating a new skill-dep-fixer CLI project. - Clarifies trigger phrases, output formats, scan logic, and exit codes for consistent automated behavior. - Usage directions updated: explains running, installation, and testing of the generated CLI tool.

v2.0.1

- Improved documentation and usage instructions for skill-dep-fixer. - Clarifies when to use the skill and lists new trigger phrases. - Provides detailed dependency check examples for npm, pip, brew, and system binaries. - Explains dependency declaration format in SKILL.md, with real YAML examples. - Lists expected outputs and possible exit codes for users and automation. - Adds homepage URL and declares required system commands for smoother setup.

v2.0.0

Major update: skill-dep-fixer 2.0.0 introduces a powerful CLI tool for auto-fixing skill dependencies. - Now generates a self-contained Node.js CLI (`skill-dep-fixer.js`) to scan, detect, and auto-fix missing dependencies for OpenClaw skills. - Supports scanning both npm, pip, brew, and system binaries declared in skill `SKILL.md` files. - Provides multiple commands: `--dry-run`, `--fix`, `--skill <name>`, `--json`, `--report`, and `--help`. - Pure JavaScript/Node.js implementation with zero external runtime dependencies. - Outputs easy-to-read tables, Discord-formatted reports, and machine-readable JSON. - Exposes trigger phrases such as "fix skill dependencies" and "openclaw doctor" to invoke the skill. - Updated usage instructions and install/test info included post-generation.

v1.5.0

Fix SKILL.md metadata inconsistencies: change requires.anyBins to requires.bins (matches parser), replace kind:shell install entry with kind:npm entries for chalk and js-yaml. Aligns declaration with actual parser behavior.

v1.4.0

Sanitize all interpolated values in check commands with shellQuote(). Prevents SKILL.md injection via read-only check operations (which, brew list, npm list, pip show).

v1.3.0

Remove installCommand() and dead run() helper. All installs use shellQuote-protected functions. Eliminate all raw exec string building paths.

v1.2.0

Security fix: use shell-quoted installer. Eliminates command injection from malformed SKILL.md entries.

v1.1.0

Bundle code + deps in skill. Fix security flag.

v1.0.0

Initial release

元数据

Slug skill-dep-fixer

版本 2.0.9

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 16

常见问题

Skill Dependency Fixer 是什么？

Scan installed OpenClaw skills for missing npm, pip, brew, or system dependencies and auto-install fixable ones. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 125 次。

如何安装 Skill Dependency Fixer？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install skill-dep-fixer」即可一键安装，无需额外配置。

Skill Dependency Fixer 是免费的吗？

是的，Skill Dependency Fixer 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Skill Dependency Fixer 支持哪些平台？

Skill Dependency Fixer 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Skill Dependency Fixer？

由 Christian Teo（@christianteohx）开发并维护，当前版本 v2.0.9。