Back to Details

dependency-tracker

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Dependency Tracker

依赖项跟踪器

Track version drift across all OpenClaw dependencies. Detect updates, generate reports, notify Boss.
跟踪所有OpenClaw依赖项的版本偏移情况。检测更新、生成报告并通知管理员(Boss)。

Quick Start

快速开始

bash
undefined
bash
undefined

1. Scan — build/refresh the local manifest

1. 扫描 — 构建/刷新本地清单

python3 scripts/scan.py
python3 scripts/scan.py

2. Check — compare local vs remote versions

2. 检查 — 对比本地与远程版本

python3 scripts/check.py
python3 scripts/check.py

3. Report — generate human-readable Markdown report

3. 报告 — 生成易读的Markdown报告

python3 scripts/report.py

All scripts are in the skill directory: `~/.openclaw/workspace/skills/dependency-tracker/scripts/`
python3 scripts/report.py

所有脚本位于技能目录:`~/.openclaw/workspace/skills/dependency-tracker/scripts/`

What It Tracks

跟踪范围

CategorySourceDetection Method
Managed skills (GitHub)
.skill-lock.json
GitHub Contents API (git hash compare)
Managed skills (ClewHub)
_meta.json
ClewHub API (version compare)
Bundled skills
/app/skills/
Tied to OpenClaw version
Workspace skills
workspace/skills/
Local git (self-managed)
OpenClaw versionnpm registry + GitHub
npm view
/ GitHub Releases API
npm dependencies
/app/node_modules/
npm outdated
pip packagessystem Python
pip3 list --outdated
CLI toolsPATHVersion commands
类别来源检测方式
托管技能(GitHub)
.skill-lock.json
GitHub Contents API(Git哈希对比)
托管技能(ClewHub)
_meta.json
ClewHub API(版本对比)
捆绑技能
/app/skills/
与OpenClaw版本绑定
工作区技能
workspace/skills/
本地Git(自行管理)
OpenClaw版本npm注册表 + GitHub
npm view
/ GitHub Releases API
npm依赖项
/app/node_modules/
npm outdated
pip包系统Python
pip3 list --outdated
CLI工具PATH版本命令

Workflow

工作流程

On-Demand Check

按需检查

When user asks to check dependencies:
  1. Run 
    scan.py
    to refresh the manifest
  2. Run 
    check.py
    to compare against remote sources
  3. Run 
    report.py
    to generate the report
  4. Send report summary to user (Telegram)
  5. If unknown-source skills found, notify Boss
当用户要求检查依赖项时:
  1. 运行
    scan.py
    刷新清单
  2. 运行
    check.py
    对比远程源版本
  3. 运行
    report.py
    生成报告
  4. 将报告摘要发送给用户(Telegram)
  5. 若发现来源未知的技能,通知管理员(Boss)

Scheduled Check (Cron)

定时检查(Cron)

Set up a weekly cron job:
  • Run all three scripts in sequence
  • Push report summary to Telegram
  • Only notify if updates are found or errors occur
设置每周Cron任务:
  • 按顺序运行三个脚本
  • 将报告摘要推送至Telegram
  • 仅在发现更新或出现错误时发送通知

Data Files

数据文件

All runtime data lives in 
data/
(gitignored from backup):
data/
├── manifest.json        # Full dependency inventory
├── check-results.json   # Latest check results
└── reports/
    └── YYYY-MM-DD-report.md  # Generated reports
所有运行时数据存储在
data/
目录(已从备份中忽略):
data/
├── manifest.json        # 完整依赖项清单
├── check-results.json   # 最新检查结果
└── reports/
    └── YYYY-MM-DD-report.md  # 生成的报告

Key Design Decisions

核心设计决策

  • No auto-update: Only detect and report. User decides when to update.
  • GitHub hash comparison: Uses 
    git hash-object
    locally vs GitHub Contents API SHA — exact match, no false positives.
  • Lock file as source of truth: 
    .skill-lock.json
    (OpenClaw's managed skill registry) provides repo URLs and install metadata.
  • Changelog extraction: For GitHub skills with updates, fetches recent commits for context.
  • Unknown source notification: Skills without traceable source are flagged and reported to Boss.
  • 无自动更新:仅检测并报告,由用户决定更新时机。
  • GitHub哈希对比:使用本地
    git hash-object
    与GitHub Contents API SHA对比 — 精确匹配,无误报。
  • 锁定文件作为可信源
    .skill-lock.json
    (OpenClaw的托管技能注册表)提供仓库URL和安装元数据。
  • 变更日志提取:对于有更新的GitHub技能,获取最近提交记录作为上下文参考。
  • 未知来源通知:标记无追溯来源的技能并向管理员(Boss)报告。