Nex DepCheck
v1.0.0
Skill dependency checker. Scan Python skills for external dependencies. Verify stdlib-only compliance, check individual files or entire skill directories. No...
by Nex AI (@nexaiguy)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name, description, SKILL.md and the included Python code all implement a Python import scanner that classifies imports as stdlib, internal, or external. No unrelated credentials, binaries, or services are requested. The only slightly surprising item is the curated STDLIB_MODULES list (maintained in lib/config.py), which is a pragmatic implementation detail — it may be incomplete or differ from a target environment but is coherent with the tool's purpose.
Instruction Scope
SKILL.md describes running setup.sh and using the CLI commands (check/scan/file/stdlib). The runtime instructions and the code exclusively read Python files and directory structure, parse import lines, and report classifications. The scanner also checks presence of SKILL.md and setup.sh files in target skill directories — this is consistent with its auditing purpose. There are no instructions to read unrelated system configuration, secrets, or to transmit data externally.
Install Mechanism
No remote downloads or package manager installs. setup.sh is included and simply verifies Python 3.8+, verifies the CLI, and writes a wrapper script into $HOME/.local/bin that execs the bundled .py script. This is low-risk compared to network installs; the wrapper will execute the local script path, so running setup.sh writes an executable to the user's home directory but does not fetch external code.
Credentials
The skill requests no environment variables, credentials, or config paths. It only writes a wrapper to $HOME/.local/bin and suggests adding that directory to PATH. No secrets or unrelated system credentials are requested or accessed.
Persistence & Privilege
always:false (no forced inclusion). The only persistence is the user-level wrapper created in $HOME/.local/bin by setup.sh. This grants the tool a convenient CLI presence but does not alter other skills or system-wide settings. Users should be aware the wrapper points to the repository script path, so modifying the local repo later affects what the wrapper runs.
Assessment
This package appears to do exactly what it says: a local Python import scanner that reports stdlib/internal/external modules and creates a small CLI wrapper in your home bin. Before running setup.sh or installing the wrapper:
1) Inspect setup.sh and the .py files (they're included) to confirm they match your expectations — they do in this package.
2) Consider running the CLI directly (python3 path/to/nex-depcheck.py check ...) before running setup.sh so you avoid writing to $HOME.
3) Note the tool uses a curated stdlib list in lib/config.py that could misclassify some modules; validate results against your environment if precise accuracy matters.
4) If you install the wrapper, remember it will execute the local repository script path — if you clone/modify the repo later, the wrapper will run those changes.
If you obtained this package from an untrusted source, run it in an isolated environment or container first.
Like a lobster shell, security has layers — review code before you run it.
