Dependency Upgrade Briefing
v1.0.0
Explains the benefits, risks, rollback plan, and business impact of a dependency upgrade; use for dependencies, upgrade, risk workflows; do not use for fabricating upstream changelogs or substituting for compatibility testing.
byvx:17605205782@52yuanchangxing
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign, high confidence
Purpose & Capability
Name/description, SKILL.md, resources, template, and scripts all align: the skill organizes input about dependency upgrades into a structured briefing. Required binary (python3) and referenced local resource files are appropriate for the stated purpose.
Instruction Scope
SKILL.md confines behavior to producing reviewable drafts and running the included scripts. The script does read files and directories supplied as --input (and can scan a directory tree), which is expected for an audit tool but means you should avoid pointing it at sensitive system directories. The SKILL.md explicitly forbids fabricating changelogs and performing external system writes.
Install Mechanism
No install spec (instruction-only) and the only runnable component is an included Python script that uses the standard library. No external downloads, package installs, or archive extraction are performed.
Credentials
The skill declares no environment variables or credentials. It does read user-supplied files/dirs (via --input) and may include redacted snippets of matches (e.g., secret-like patterns) in reports; that behaviour is part of its audit features but is proportional to an audit/briefing tool.
Persistence & Privilege
always is false and the skill does not request persistent or system-wide privileges. It does not modify other skills or agent configuration. Running the script can write an output file only if you supply --output (or allow default stdout).
Assessment
This skill appears to do what it says: generate structured upgrade briefings and optionally run a local Python script to analyze provided inputs. Before running: (1) inspect scripts/run.py yourself (it is included and uses only the Python standard library); (2) do not point the script at system or home directories containing secrets—it will scan files and can surface redacted secret-like snippets; (3) run the script locally or in a sandbox if you have any doubt about the source (homepage is example.invalid and owner is unknown); (4) the skill does not require network access or credentials, and it explicitly warns not to perform writes or execute high-risk commands—still review outputs before sharing externally.
Like a lobster shell, security has layers — review code before you run it.
latestvk97dc6v80e15z6p46hv82s9b1x831kb5
Runtime requirements
⬆️ Clawdis
OS: macOS · Linux · Windows
Bins: python3
