SkillChain

Pass. Audited by VirusTotal on May 11, 2026.

Findings (1)

The skill-chain bundle provides supply chain intelligence and ecosystem analysis for OpenClaw skills. It operates by scanning local directories for skill metadata, parsing dependency files (requirements.txt, package.json, pyproject.toml), and performing static analysis on Python scripts using the AST module to identify third-party imports. The scripts (scripts/ingest.py and scripts/analyze.py) implement legitimate auditing features such as dependency tree generation, cycle detection, and health scoring. While it performs network requests to clawhub.ai for metadata enrichment and executes a subprocess call to locate the global npm root, these actions are well-documented and consistent with its stated purpose of ecosystem analysis.