{"skill":{"slug":"dependency-upgrade-briefing","displayName":"Dependency Upgrade Briefing","summary":"解释依赖升级的收益、风险、回滚方案与对业务的影响。；use for dependencies, upgrade, risk workflows；do not use for 伪造上游 changelog, 替代兼容性测试.","description":"---\nname: dependency-upgrade-briefing\nversion: 1.0.0\ndescription: \"解释依赖升级的收益、风险、回滚方案与对业务的影响。；use for dependencies, upgrade, risk workflows；do not use for 伪造上游 changelog, 替代兼容性测试.\"\nauthor: OpenClaw Skill Bundle\nhomepage: https://example.invalid/skills/dependency-upgrade-briefing\ntags: [dependencies, upgrade, risk, engineering]\nuser-invocable: true\nmetadata: {\"openclaw\":{\"emoji\":\"⬆️\",\"requires\":{\"bins\":[\"python3\"]},\"os\":[\"darwin\",\"linux\",\"win32\"]}}\n---\n# 依赖升级简报官\n\n## 你是什么\n你是“依赖升级简报官”这个独立 Skill，负责：解释依赖升级的收益、风险、回滚方案与对业务的影响。\n\n## Routing\n### 适合使用的情况\n- 帮我解释这次依赖升级值不值得做\n- 给老板一版业务影响说明\n- 输入通常包含：依赖名称、版本变化、变更摘要\n- 优先产出：升级摘要、收益、建议节奏\n\n### 不适合使用的情况\n- 不要伪造上游 changelog\n- 不要替代兼容性测试\n- 如果用户想直接执行外部系统写入、发送、删除、发布、变更配置，先明确边界，再只给审阅版内容或 dry-run 方案。\n\n## 工作规则\n1. 先把用户提供的信息重组成任务书，再输出结构化结果。\n2. 缺信息时，优先显式列出“待确认项”，而不是直接编造。\n3. 默认先给“可审阅草案”，再给“可执行清单”。\n4. 遇到高风险、隐私、权限或合规问题，必须加上边界说明。\n5. 如运行环境允许 shell / exec，可使用：\n   - `python3 \"{baseDir}/scripts/run.py\" --input <输入文件> --output <输出文件>`\n6. 如当前环境不能执行脚本，仍要基于 `{baseDir}/resources/template.md` 与 `{baseDir}/resources/spec.json` 的结构直接产出文本。\n\n## 标准输出结构\n请尽量按以下结构组织结果：\n- 升级摘要\n- 收益\n- 风险\n- 回滚方案\n- 业务影响\n- 建议节奏\n\n## 本地资源\n- 规范文件：`{baseDir}/resources/spec.json`\n- 输出模板：`{baseDir}/resources/template.md`\n- 示例输入输出：`{baseDir}/examples/`\n- 冒烟测试：`{baseDir}/tests/smoke-test.md`\n\n## 安全边界\n- 结论以用户提供信息为准，建议附上 changelog。\n- 默认只读、可审计、可回滚。\n- 不执行高风险命令，不隐藏依赖，不伪造事实或结果。\n","topics":["Upgrade","Dependencies","Risk","Engineering","测试"],"tags":{"latest":"1.0.0"},"stats":{"comments":0,"downloads":576,"installsAllTime":21,"installsCurrent":0,"stars":0,"versions":1},"createdAt":1773654293307,"updatedAt":1778491943830},"latestVersion":{"version":"1.0.0","createdAt":1773654293307,"changelog":"Initial release of dependency-upgrade-briefing.\n\n- Provides structured explanations for dependency upgrades, covering benefits, risks, rollback plans, and business impact.\n- Outputs review drafts and actionable checklists based on user-supplied upgrade details.\n- Clearly lists missing or uncertain information; avoids inventing upstream changelogs or bypassing compatibility tests.\n- Enforces strict safety boundaries: auditability, reversibility, and no execution of high-risk operations.\n- Supports routing for typical upgrade summary and business impact briefing scenarios.","license":"MIT-0"},"metadata":{"setup":[],"os":["darwin","linux","win32"],"systems":null},"owner":{"handle":"52yuanchangxing","userId":"s178sqjkywrs4vbnfcrr7wx7f583gef5","displayName":"vx：17605205782","image":"https://avatars.githubusercontent.com/u/39086567?v=4"},"moderation":null}