Fix NPM Vulnerabilities

This skill should be used when the user asks about "npm vulnerabilities", "npm audit", "fix npm security", "security vulnerabilities in packages", "vulnerabl...
jelllove
Uncategorized · clawhub · v1.0.1 · 1 version · 100000 · Key: not required
★ 0 stars · 📥 304 downloads · 💾 0 installs · 1 version · #latest

Overview

NPM Vulnerability Fix Skill

This skill provides guidance when users mention npm security vulnerabilities and suggests the automated fix workflow.

When This Skill Applies

This skill activates when the user's request involves:

  • Running npm audit or discussing audit results
  • Fixing npm security vulnerabilities
  • Updating vulnerable npm dependencies
  • Dealing with outdated packages that have known CVEs
  • Security scanning of Node.js projects

Guidance

When a user mentions npm vulnerabilities or security issues in their Node.js project, suggest using the /fix-npm-vuln slash command, which provides a complete automated workflow:

  1. Clean working tree — reverts uncommitted changes (with confirmation)
  2. Branch management — switches to main, pulls latest, creates a fix branch
  3. Vulnerability scanning — scans all package.json directories
  4. Automated fixing — runs npm audit fix with smart escalation
  5. Clean environment — removes all node_modules, build caches, and reinstalls dependencies fresh
  6. Build verification — ensures the project still builds
  7. Test verification — ensures tests still pass
  8. Summary report — displays all changes made

Suggested Response

When this skill activates, inform the user:

> You can use /fix-npm-vuln to run a complete automated npm vulnerability fix workflow. It will scan all project directories, fix vulnerabilities, verify builds and tests, and create a dedicated branch with all the changes. Would you like to run it?

Important Notes

  • The command requires a git repository to work
  • It will create a new branch for the fixes (does not modify main directly)
  • User confirmation is required before reverting any uncommitted changes
  • Build and test failures are handled interactively

Tool Auto-Installation

If a tool required to complete any step is not installed on the current machine, apply the following policy before asking the user:

  1. Check availability — verify whether the tool is missing (e.g. where <tool> on Windows or which <tool> on Unix-like systems returns nothing)
  2. Assess risk — a tool is considered low-risk if it is:
    • Publicly available (official npm package, well-known CLI, OS package manager)
    • Widely used and maintained (e.g. npm-check-updates, snyk, yarn, pnpm)
    • Non-destructive by default (does not modify system files, does not require elevated permissions)
  3. Auto-install if low-risk — install silently without asking the user:
    • npm global tool: npm install -g
    • winget (Windows): winget install
    • Other package managers as appropriate for the OS
  4. Ask the user if high-risk — if the tool requires admin rights, modifies system config, or is from an unverified source, show the install command and ask for confirmation before proceeding.

Version history

1 version in total

  • v1.0.1 (current)
    2026-05-07 17:23 · Security: safe

Security scan

Tencent Cloud Security (Keen)

Safe, no risk

Tencent Cloud Security (Sanbu)

Safe, no risk
