ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Laravel Package Search

v2.0.3

Real-time Laravel package search via Packagist API with local cache. Supports 22 scenes, quality scoring, and cross-references to laravel-docs-reader for off...

0· 101·0 current·0 all-time
byGao.QiLin@relunctance

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for relunctance/laravel-package-search.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Laravel Package Search" (relunctance/laravel-package-search) from ClawHub.
Skill page: https://clawhub.ai/relunctance/laravel-package-search
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install laravel-package-search

ClawHub CLI

Package manager switcher

npx clawhub@latest install laravel-package-search
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The SKILL.md repeatedly describes a PHP CLI tool (scripts/search.php), local cache (scripts/.cache.json), and real-time Packagist API calls. The skill bundle contains no PHP script or any code files to implement that behavior, and the metadata does not declare PHP (php CLI) as a required binary. A consumer expecting a runnable CLI/search tool would not get one from this bundle.
!
Instruction Scope
Runtime instructions tell the agent to run `php search.php`, create/read a cache file at scripts/.cache.json, and call Packagist as well as cross-reference another skill (laravel-docs-reader). Because the actual script is not included, the instructions either expect the agent to implement or fetch code at runtime (not documented) or assume a preexisting environment. The instructions also assume filesystem write access and outbound network access (Packagist), which are not declared or controlled by the manifest.
Install Mechanism
There is no install spec (instruction-only), which is low-risk from an install-footprint perspective. However, the absence of shipped code means the documented runtime behavior cannot be validated from the bundle itself — the skill is effectively a spec, not an implementation.
Credentials
The skill declares no required environment variables or credentials (proportionate). That said, the SKILL.md references creating composer require commands and sample config env('PACKAGE_KEY') for downstream packages, which are unrelated to this skill's own operation. The skill will need network access to Packagist and a PHP runtime to operate as documented; neither is declared.
Persistence & Privilege
The skill does not request always:true or any persistent privileges. It does instruct creating a local cache file under scripts/.cache.json if the CLI existed, which is limited scope and not elevated privilege.
What to consider before installing
This bundle is inconsistent: the SKILL.md describes a PHP-based CLI (scripts/search.php) and a local cache file, but the package contains no script or code and does not declare PHP as required. Before installing or enabling this skill: (1) Ask the publisher for the missing code (scripts/search.php) or an explanation of how the agent is expected to execute the described CLI. (2) Verify that a PHP runtime will actually be available where the agent runs; otherwise the documented commands cannot run. (3) If you plan to run any provided PHP script, review its source first — the SKILL.md expects the script to read/write scripts/.cache.json and perform outbound Packagist requests, so run it in a sandbox or restricted environment with limited filesystem/network access. (4) If the author supplies the missing code, re-run a content review: verify no hardcoded endpoints, secrets, or unexpected network calls are present and ensure the script only contacts packagist.org and documented resources. If you cannot obtain the code or a satisfactory explanation, treat this skill as non-functional and do not enable it for autonomous use.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dpydqea9858n6pvvtszc42983reds
101downloads
0stars
5versions
Updated 1mo ago
v2.0.3
MIT-0
Gao.QiLin@relunctance
latest
Download

Laravel Package Search - Skill Specification

Overview

Skill Name: Laravel Package Search Type: Development Assistant Skill Target: Laravel developers seeking efficient plugin selection Engine: OpenClaw Agent

1. Core Objectives

  • Real-time Packagist API — data never stale, always fresh
  • Local cache (1 hour TTL) — fast repeat queries
  • Score packages by: stars × downloads × activity × Laravel compatibility
  • Support 22 scene categories including AI/LLM, rate-limit, Stripe, SMS
  • Cross-reference to laravel-docs-reader for official Laravel documentation
  • Provide install commands + config snippets

2. Scene Categories

Supported Scenes

SceneChineseDescription
auth认证/权限Authentication, authorization, roles, permissions
payment支付/订单Payment gateways, Stripe, Alipay, WeChat Pay
multitenancy多租户Multi-tenant SaaS applications
excelExcel/导入导出Spreadsheet import/export, data processing
media媒体/文件File uploads, media management, CDN
wechat微信WeChat SDK, Mini Program
queue队列/任务Job queues, Laravel Horizon
admin后台管理Admin panels, Filament
search搜索/全文检索Full-text search, Algolia, Scout
logging日志/审计Logging, audit trails
apiAPI/SDKREST API, GraphQL, Sanctum
testing测试Pest, PHPUnit
cache缓存Redis, cache management
security安全Security headers, CSRF
devtools开发工具Debug, Telescope, Debugbar
email邮件Mailgun, notifications
storage存储S3, cloud storage
ui前端/UIVue, React, Inertia, Breeze
aiAI/LLM集成OpenAI, LLM, chatbot
ratelimit限流Rate limiting, throttle
stripeStripe支付Stripe subscriptions & payments
sms短信Twilio, SMS notifications

3. Package Evaluation Criteria

Each package is scored in real-time via Packagist API (live data):

CriterionWeightSource
GitHub Stars15%Packagist API (github_stars field)
Packagist Downloads20%Packagist API (downloads.total)
Favorites10%Packagist API (favers)
Maintenance Activity30%Last commit time (≤30d=100, ≤1y=40, >2y=0)
Laravel Compatibility15%composer.json require (10/11/12)
Description Quality10%Non-empty description = 100

Real-time Scoring

Score = min(100, stars/500)*0.15 + min(100, log10(downloads)*15)*0.20
      + min(100, favers/200)*0.10 + activityScore*0.30
      + (hasLaravelVersion ? 100 : 0)*0.15 + (hasDescription ? 100 : 0)*0.10

Data fetched live from Packagist API. Cached for 1 hour in scripts/.cache.json.

4. Top 20 Laravel Packages

Run php search.php top 20 for live rankings

5. Smart Recommendation Logic

When a user describes their needs:

  1. Parse Intent → Map to scene category
  2. Match Packages → Find packages in that scene
  3. Filter → Remove incompatible versions
  4. Sort → By recommendation score
  5. Output → Top 3 recommendations with reasoning

Output Template

## 🎯 Recommended for: [User's Scenario]

**Top Pick**: [Package Name]
- **Why**: [Recommendation Reason]
- **Alternative**: [Alternative Package]
- **Caution**: [Any concerns]
- **Install**: `composer require [package]`
- **Compatibility**: Laravel X / Y / Z

---

**Alternative 1**: [Name] ...
**Alternative 2**: [Name] ...

6. Installation & Configuration

Each package entry includes:

composer require vendor/package

// config/services.php or dedicated config file
'package' => [
    'key' => env('PACKAGE_KEY'),
],

// app/Providers/AppServiceProvider.php
public function register(): void
{
    $this->mergeConfigFrom(...);
}

7. Version Compatibility

LaravelCompatible Packages
Laravel 12Packages updated after 2024-Q4
Laravel 11Packages updated after 2023-Q2
Laravel 10Packages updated after 2022-Q1

Always verify: composer show vendor/package --tree | grep laravel/framework

8. CLI Tool (scripts/search.php)

Real-time Packagist API with local caching. No static data.

Commands

php search.php <command> [args]
CommandArgsDescription
search<scene> [limit]Search by scene (auth, payment, ai...)
compare<pkg1> <pkg2>Compare two packages
recommend<requirement>Natural language recommendation
top[limit]Show Top N packages (default 10)
scenesList all 22 scene categories

Examples

# Search AI packages
php search.php search ai 3

# Compare two auth packages
php search.php compare spatie/laravel-permission laravel/sanctum

# Natural language recommendation
php search.php recommend "I need WeChat Pay for Laravel 11"
php search.php recommend "I need AI chat for Laravel"
php search.php recommend "I need rate limiting"

# Top 20 packages
php search.php top 20

# All scenes
php search.php scenes

Caching

Cache file: scripts/.cache.json (auto-created)
TTL: 1 hour

Integration with OpenClaw Agent

When the agent receives a package query, it calls php search.php and formats the output. If the user asks about Laravel official docs, it cross-references laravel-docs-reader skill.

8b. laravel-docs-reader Cross-Reference

This skill automatically cross-references Laravel official documentation for known packages:

Package → Official Laravel Docs
spatie/laravel-permission → Authorization docs
laravel/scout → Database Search docs
laravel/horizon → Queues docs
laravel/telescope → Debugging docs
laravel/sanctum → SPA Authentication docs
laravel/cashier → Billing docs
laravel/fortify → Authentication docs
filament/filament → filamentphp.com/docs
maatwebsite/excel → docs.laravel-excel.com

For packages not in the map, the output includes:

📖 Laravel Docs: Run `laravel-docs-reader` to search official docs for this package

Workflow

  1. User asks: "recommend a Laravel auth package"
  2. This skill returns ranked packages with install commands
  3. Output includes: 📖 Laravel Docs: Run laravel-docs-reader to search official docs
  4. User can then ask: "search laravel-docs-reader for sanctum setup"
  5. laravel-docs-reader handles the official documentation query

Activation Keywords

  • "帮我找个 Laravel 插件"
  • "Laravel package for XXX"
  • "推荐 Laravel 认证插件"
  • "Laravel auth package recommendation"
  • "帮我评估这个包"
  • "compare Laravel packages"

Workflow

  1. User describes requirement (Chinese or English)
  2. Skill identifies scene category
  3. Skill searches Top20 + scene database
  4. Skill returns ranked recommendations
  5. User selects → Skill provides install + config

10. Data Sources

  • Packagist API: https://packagist.org/api/search.json?q=
  • GitHub API: https://api.github.com/repos/{vendor}/{package}
  • GitHub Trending: Community activity
  • Official Laravel Packages: laravel.com/packages

11. File Structure

laravel-package-search/
├── SKILL.md                          # This file
├── references/
│   └── scene-index.md                # Scene category index
└── scripts/
    └── search.php                    # Real-time Packagist CLI (v3)

12. Publishing to Skills Market

clawhub login
clawhub publish laravel-package-search

Or submit to ClawHub website for review.

13. Maintenance

  • Update Top 20 quarterly
  • Add new scenes as Laravel ecosystem evolves
  • Track deprecated packages and mark them
  • Update compatibility for new Laravel releases

Comments

Loading comments...