dependency-tracker

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Dependency Tracker

依赖项跟踪器

Track version drift across all OpenClaw dependencies. Detect updates, generate reports, notify Boss.

跟踪所有OpenClaw依赖项的版本偏移情况。检测更新、生成报告并通知管理员（Boss）。

Quick Start

快速开始

bash

undefined

bash

undefined

1. Scan — build/refresh the local manifest

1. 扫描 — 构建/刷新本地清单

python3 scripts/scan.py

2. Check — compare local vs remote versions

2. 检查 — 对比本地与远程版本

python3 scripts/check.py

3. Report — generate human-readable Markdown report

3. 报告 — 生成易读的Markdown报告

python3 scripts/report.py


All scripts are in the skill directory: `~/.openclaw/workspace/skills/dependency-tracker/scripts/`

python3 scripts/report.py


所有脚本位于技能目录：`~/.openclaw/workspace/skills/dependency-tracker/scripts/`

What It Tracks

跟踪范围

Category	Source	Detection Method
Managed skills (GitHub)	`.skill-lock.json`	GitHub Contents API (git hash compare)
Managed skills (ClewHub)	`_meta.json`	ClewHub API (version compare)
Bundled skills	`/app/skills/`	Tied to OpenClaw version
Workspace skills	`workspace/skills/`	Local git (self-managed)
OpenClaw version	npm registry + GitHub	`npm view` / GitHub Releases API
npm dependencies	`/app/node_modules/`	`npm outdated`
pip packages	system Python	`pip3 list --outdated`
CLI tools	PATH	Version commands

类别	来源	检测方式
托管技能（GitHub）	`.skill-lock.json`	GitHub Contents API（Git哈希对比）
托管技能（ClewHub）	`_meta.json`	ClewHub API（版本对比）
捆绑技能	`/app/skills/`	与OpenClaw版本绑定
工作区技能	`workspace/skills/`	本地Git（自行管理）
OpenClaw版本	npm注册表 + GitHub	`npm view` / GitHub Releases API
npm依赖项	`/app/node_modules/`	`npm outdated`
pip包	系统Python	`pip3 list --outdated`
CLI工具	PATH	版本命令

Workflow

工作流程

On-Demand Check

按需检查

When user asks to check dependencies:

Run
```
scan.py
```
to refresh the manifest
Run
```
check.py
```
to compare against remote sources
Run
```
report.py
```
to generate the report
Send report summary to user (Telegram)
If unknown-source skills found, notify Boss

当用户要求检查依赖项时：

运行
```
scan.py
```
刷新清单
运行
```
check.py
```
对比远程源版本
运行
```
report.py
```
生成报告
将报告摘要发送给用户（Telegram）
若发现来源未知的技能，通知管理员（Boss）

Scheduled Check (Cron)

定时检查（Cron）

Set up a weekly cron job:

Run all three scripts in sequence
Push report summary to Telegram
Only notify if updates are found or errors occur

设置每周Cron任务：

按顺序运行三个脚本
将报告摘要推送至Telegram
仅在发现更新或出现错误时发送通知

Data Files

数据文件

All runtime data lives in

data/

(gitignored from backup):

data/
├── manifest.json        # Full dependency inventory
├── check-results.json   # Latest check results
└── reports/
    └── YYYY-MM-DD-report.md  # Generated reports

所有运行时数据存储在

data/

目录（已从备份中忽略）：

data/
├── manifest.json        # 完整依赖项清单
├── check-results.json   # 最新检查结果
└── reports/
    └── YYYY-MM-DD-report.md  # 生成的报告

Key Design Decisions

核心设计决策

No auto-update: Only detect and report. User decides when to update.
GitHub hash comparison: Uses
```
git hash-object
```
locally vs GitHub Contents API SHA — exact match, no false positives.
Lock file as source of truth:
```
.skill-lock.json
```
(OpenClaw's managed skill registry) provides repo URLs and install metadata.
Changelog extraction: For GitHub skills with updates, fetches recent commits for context.
Unknown source notification: Skills without traceable source are flagged and reported to Boss.

无自动更新：仅检测并报告，由用户决定更新时机。
GitHub哈希对比：使用本地
```
git hash-object
```
与GitHub Contents API SHA对比 — 精确匹配，无误报。
锁定文件作为可信源：
```
.skill-lock.json
```
（OpenClaw的托管技能注册表）提供仓库URL和安装元数据。
变更日志提取：对于有更新的GitHub技能，获取最近提交记录作为上下文参考。
未知来源通知：标记无追溯来源的技能并向管理员（Boss）报告。