ClawHub

Package Manager Updates

v1.0.0

Check, summarize, and update packages across all installed package managers (npm, pip, brew, cargo, go, etc.). Use when user wants to (1) check for outdated...

0· 76·1 current·1 all-time
byGuillaume Maka@guillaumemaka
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (check, summarize, update packages across npm, pip, brew, cargo, go) align with the runtime instructions which list the exact commands to check and update each package manager. One minor omission: the skill does not declare required binaries (npm, pip, brew, cargo, go) even though the instructions rely on them; this is an operational omission but not evidence of misalignment.
Instruction Scope
SKILL.md only tells the agent to run package-manager commands (outdated checks and update commands). This stays within the declared purpose, and it requires explicit user confirmation before performing updates. However, these commands read system package state and — when applied — will modify system/global packages, potentially requiring elevated privileges or affecting system-managed Python/npm installations. The guideline 'skip system-critical packages unless user explicitly asks' is vague and could lead to risky updates if not handled conservatively.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest-risk installation posture. Nothing is downloaded or written by the skill itself.
Credentials
The skill requests no environment variables, credentials, or config paths. It will initiate network activity implicitly when checking/updating packages (npm/pip/go), which is expected for this functionality.
Persistence & Privilege
always is false and the skill does not request persistent presence or elevated platform privileges. The agent could be invoked autonomously (default), but that is normal; actual package updates are gated by explicit user confirmation in the instructions.
Assessment
This skill appears to do what it says: query various package managers and, with confirmation, run update commands. Before installing or running it: (1) confirm the agent will only perform updates after your explicit approval and show you the exact commands it will run; (2) be aware that global pip/npm updates and brew upgrades can change system state, may require sudo, and can break environment-managed packages (e.g., system Python); (3) cargo/go updates may alter project files or dependency graphs in the current working directory — consider running them from the correct project folder or using dry-run/testing first; (4) ask the skill to report which package managers are available on the host before attempting updates; and (5) maintain backups or snapshots (or at least note which packages will be changed) so you can roll back if an update causes problems.

Like a lobster shell, security has layers — review code before you run it.

latestvk978xqmcnnwj107bjp8cwnf2pd83hxhj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments