ClawHub

Dep Graph

v1.0.0

Analyze and visualize project dependency trees from manifest files. Supports Node.js (package.json), Python (requirements.txt, pyproject.toml), Go (go.mod),...

0· 66·0 current·0 all-time
byJohn Wang@johnnywang2001
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the implementation: the script parses common manifest files (package.json, requirements.txt, pyproject.toml, go.mod, Cargo.toml, Gemfile, composer.json) and formats a tree or JSON. It does not request unrelated permissions or environment variables.
Instruction Scope
SKILL.md instructs running the included script against a project directory and using flags for JSON/summary/formatting. The script only reads files in the target directory (manifest files) and prints output; there are no instructions to read other system files, call external endpoints, or exfiltrate data.
Install Mechanism
No install spec is provided (instruction-only). The script uses only the Python standard library as claimed. Nothing is downloaded or written to disk by an installer.
Credentials
The skill declares no required environment variables, credentials, or config paths and the code does not reference credentials or external services. Requested access is minimal and appropriate for the described task.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request permanent presence or attempt to modify other skills or global agent settings. Autonomous invocation is allowed (platform default) but is not combined with other concerning privileges.
Assessment
This skill is a small, local dependency manifest parser and appears coherent with its description. If you install it, note it will run the included Python script with the permissions of the agent and will read files in whatever project directory you point it at. If you want extra safety, inspect the script (scripts/dep_graph.py) yourself and run it in a controlled environment before allowing the agent to run it against sensitive directories.

Like a lobster shell, security has layers — review code before you run it.

latestvk974zcvswpfyda2twsqmhvxfg983g53c

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments