{"id":"72f20ab1-6f71-4fe9-8a1e-605d8d169fcf","shortId":"4pGFwE","kind":"skill","title":"dependency-update-bot","tagline":"Scans your project for outdated npm, pip, Cargo, Go, or Ruby packages. Runs a CVE security audit. Fetches changelogs, summarizes breaking changes with Gemini, and opens one PR per risk group (patch, minor, major). Includes Diagnosis Mode for install conflicts. Use when asked to u","description":"# Dependency Update Bot\n\nScan for outdated packages. Run a security audit. Fetch changelogs. Summarize breaking changes. Open one PR per risk group.\n\n---\n\n**Critical rule:** Only update packages that the package manager's outdated command actually reports. Never guess or invent version numbers. If a changelog cannot be fetched, note the gap rather than inventing content.\n\n---\n\n## Step 1: Setup Check\n\n```bash\necho \"GEMINI_API_KEY: ${GEMINI_API_KEY:+set}\"\necho \"GITHUB_TOKEN: ${GITHUB_TOKEN:-not set, changelog fetching rate-limited to 60/hour}\"\ngh auth status 2>/dev/null | head -1 || echo \"gh: not authenticated\"\n```\n\n**If GEMINI_API_KEY is missing:** Stop. Tell the user: \"GEMINI_API_KEY is required. Get it at aistudio.google.com. Add it to your .env file.\"\n\n**If gh is not authenticated:** Stop. Tell the user: \"GitHub CLI must be authenticated. Run: gh auth login\"\n\n**Detect package manager(s):**\n\n```bash\nls package.json 2>/dev/null && echo \"npm\"\nls requirements.txt pyproject.toml 2>/dev/null && echo \"pip\"\nls Cargo.toml 2>/dev/null && echo \"cargo\"\nls go.mod 2>/dev/null && echo \"go\"\nls Gemfile 2>/dev/null && echo \"ruby\"\n```\n\nIf multiple are found, ask: \"Found [list]. Which should I scan? (all / npm / pip / cargo / go / ruby)\"\n\n---\n\n## Step 2: Detect Outdated Packages\n\n**npm:**\n```bash\nnpm outdated --json --long 2>/dev/null | python3 -c \"\nimport sys, json\ndata = json.load(sys.stdin)\nfor name, info in data.items():\n print(json.dumps({'name': name, 'current': info.get('current','?'), 'latest': info.get('latest','?'), 'dep_type': info.get('type','dependencies')}))\n\"\n```\n\n**pip:**\n```bash\npip list --outdated --format=json 2>/dev/null | python3 -c \"\nimport sys, json\nfor p in json.load(sys.stdin):\n print(json.dumps({'name': p['name'], 'current': p['version'], 'latest': p['latest_version']}))\n\"\n```\n\n**Cargo (Rust):**\n```bash\ncargo outdated --format json 2>/dev/null || \\\n cargo outdated 2>/dev/null | grep -v \"^---\" | tail -n +3 | head -30\n# If cargo-outdated not installed: cargo install cargo-outdated\n```\n\n**Go modules:**\n```bash\ngo list -u -m -json all 2>/dev/null | python3 -c \"\nimport sys, json\ndecoder = json.JSONDecoder()\nbuf = sys.stdin.read()\npos = 0\nwhile pos < len(buf):\n try:\n obj, idx = decoder.raw_decode(buf, pos)\n if obj.get('Update'):\n print(json.dumps({'name': obj['Path'], 'current': obj['Version'], 'latest': obj['Update']['Version']}))\n pos += idx\n except: break\n\"\n```\n\n**Ruby (Bundler):**\n```bash\nbundle outdated --parseable 2>/dev/null | python3 -c \"\nimport sys\nfor line in sys.stdin:\n parts = line.strip().split()\n if len(parts) >= 4:\n print('{\\\"name\\\":\\\"' + parts[0] + '\\\",\\\"current\\\":\\\"' + parts[3].strip('()') + '\\\",\\\"latest\\\":\\\"' + parts[1] + '\\\"}')\n\"\n```\n\nIf all return empty: \"All packages are up to date.\" Stop.\n\nState count before proceeding: \"Found X outdated packages.\"\n\n---\n\n## Step 3: Classify by Risk Level\n\nParse version bump (current → latest):\n- MAJOR: first digit changed (1.x.x → 2.x.x)\n- MINOR: second digit changed (1.2.x → 1.3.x)\n- PATCH: third digit changed (1.2.3 → 1.2.4)\n\n```bash\npython3 -c \"\ndef classify(current, latest):\n try:\n c = [int(x) for x in current.lstrip('v').split('.')[:3]]\n l = [int(x) for x in latest.lstrip('v').split('.')[:3]]\n if l[0] > c[0]: return 'major'\n if len(l) > 1 and len(c) > 1 and l[1] > c[1]: return 'minor'\n return 'patch'\n except: return 'unknown'\n\"\n```\n\nState the breakdown: \"Patch: X packages. Minor: Y packages. Major: Z packages.\"\n\n---\n\n## Step 4: Security Audit\n\nRun a CVE scan before creating any PRs. This determines urgency.\n\n**npm:**\n```bash\nnpm audit --json 2>/dev/null | python3 -c \"\nimport sys, json\nd = json.load(sys.stdin)\nvulns = d.get('vulnerabilities', {})\nfor pkg, info in vulns.items():\n sev = info.get('severity', 'unknown')\n via = [v.get('title','') for v in info.get('via',[]) if isinstance(v, dict)]\n print(f' [{sev.upper()}] {pkg}: {via[0] if via else \\\"see npm audit\\\"}')\n\" 2>/dev/null || echo \"No vulnerabilities found or npm audit not available\"\n```\n\n**pip:**\n```bash\npip-audit --format=json 2>/dev/null | python3 -c \"\nimport sys, json\nfor vuln in json.load(sys.stdin):\n print(f' [{vuln.get(\\\"aliases\\\",[\\\"\\\"])[0]}] {vuln[\\\"name\\\"]} {vuln[\\\"version\\\"]}: {vuln[\\\"description\\\"][:80]}')\n\" 2>/dev/null || echo \"pip-audit not installed. Run: pip install pip-audit\"\n```\n\n**Cargo:**\n```bash\ncargo audit 2>/dev/null | grep -E \"^(ID|Package|Severity|URL)\" | head -30 \\\n || echo \"cargo-audit not installed. Run: cargo install cargo-audit\"\n```\n\n**Escalation rule:** If a PATCH or MINOR update has a Critical or High CVE, promote it to MAJOR priority: it gets its own PR and the CVE details go in the PR body.\n\nReport security findings before proceeding:\n```\nSecurity audit: [N] vulnerabilities found\n [CRITICAL] lodash 4.17.19: Prototype Pollution (CVE-2021-23337)\n [HIGH] axios 0.21.1: Server-Side Request Forgery (CVE-2021-3749)\n```\n\nIf no vulnerabilities: \"Security audit: clean.\"\n\n---\n\n## Step 5: Fetch Changelogs\n\nFor each package, try sources in order. Stop at first that returns content.\n\n**Source 1: GitHub Releases API**\n\nGet repo URL from registry:\n```bash\n# npm\ncurl -s \"https://registry.npmjs.org/{PACKAGE}/latest\" \\\n | python3 -c \"import sys,json; d=json.load(sys.stdin); r=d.get('repository',{}); print(r.get('url','') if isinstance(r,dict) else str(r))\"\n\n# pip\ncurl -s \"https://pypi.org/pypi/{PACKAGE}/json\" \\\n | python3 -c \"import sys,json; d=json.load(sys.stdin); print(d.get('info',{}).get('home_page','') or d.get('info',{}).get('project_urls',{}).get('Source',''))\"\n```\n\nFetch last 5 releases:\n```bash\nAUTH_HEADER=\"\"\n[ -n \"$GITHUB_TOKEN\" ] && AUTH_HEADER=\"-H \\\"Authorization: Bearer $GITHUB_TOKEN\\\"\"\ncurl -s $AUTH_HEADER \\\n \"https://api.github.com/repos/{OWNER}/{REPO}/releases?per_page=5\" \\\n | python3 -c \"import sys,json; [print(json.dumps({'tag':r.get('tag_name',''),'body':r.get('body','')[:1500]})) for r in json.load(sys.stdin)]\"\n```\n\nKeep releases between current and latest version only.\n\n**Source 2: npm registry README (fallback)**\n```bash\ncurl -s \"https://registry.npmjs.org/{PACKAGE}\" \\\n | python3 -c \"import sys,json; print(json.load(sys.stdin).get('readme','')[:3000])\"\n```\n\n**Source 3: PyPI description (last resort for pip)**\n```bash\ncurl -s \"https://pypi.org/pypi/{PACKAGE}/json\" \\\n | python3 -c \"import sys,json; print(json.load(sys.stdin).get('info',{}).get('description','')[:2000])\"\n```\n\nIf no source returns content: note \"No changelog found\" and continue.\n\n---\n\n## Step 6: Summarize with Gemini\n\nOne request per risk group. Include security findings for any CVE-affected packages:\n\n```bash\ncat > /tmp/deps-summary-request.json << 'ENDJSON'\n{\n \"system_instruction\": {\n \"parts\": [{\n \"text\": \"You are a developer writing a GitHub PR description for a dependency update. Given a list of packages being updated and their raw changelog content, write a concise PR body in Markdown. Rules: For each package, list only what changed between the OLD version and the NEW version. Use bullet points. Flag breaking changes with a BREAKING prefix. Flag CVE fixes with a SECURITY prefix and include the CVE ID. Keep each package section to 3-5 bullets maximum. If no changelog was found for a package, write 'No changelog available.' Do not use em dashes. Do not use these words: seamless, robust, leverage, transform, innovative. Output only the Markdown PR body, no commentary.\"\n }]\n },\n \"contents\": [{\n \"parts\": [{\n \"text\": \"PACKAGES_AND_CHANGELOGS_HERE\"\n }]\n }],\n \"generationConfig\": {\n \"temperature\": 0.2,\n \"maxOutputTokens\": 2048\n }\n}\nENDJSON\n\ncurl -s -X POST \\\n \"https://generativelanguage.googleapis.com/v1beta/models/gemini-2.0-flash:generateContent?key=$GEMINI_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d @/tmp/deps-summary-request.json \\\n | python3 -c \"import sys,json; d=json.load(sys.stdin); print(d['candidates'][0]['content']['parts'][0]['text'])\"\n```\n\n---\n\n## Step 7: Create PRs\n\nOne PR per non-empty risk group. One PR per package for major updates (individual review required).\n\n**1. Create branch:**\n```bash\nBRANCH=\"deps/{RISK}-updates-$(date +%Y%m%d)\"\ngit checkout -b \"$BRANCH\"\n```\n\n**2. Update package file:**\n\nnpm:\n```bash\nnpm install {package}@{latest_version} --save-exact\n# devDependencies:\nnpm install {package}@{latest_version} --save-dev --save-exact\n```\n\npip:\n```bash\npython3 -c \"\nimport re, sys\npkg, version, filename = sys.argv[1], sys.argv[2], sys.argv[3]\nwith open(filename) as f: content = f.read()\npattern = rf'^{re.escape(pkg)}[>= /tmp/dep-pr-body-{RISK}.md << 'ENDMD'\nPR_BODY_FROM_GEMINI\nENDMD\n\ngh pr create \\\n --title \"chore(deps): update {RISK} dependencies\" \\\n --body-file /tmp/dep-pr-body-{RISK}.md \\\n --label \"dependencies\" \\\n --base main\n```\n\nMajor updates get label `dependencies,breaking-change`. CVE-fixing updates get label `dependencies,security`.\n\nAfter each PR, return to main: `git checkout main`\n\n---\n\n## Step 8: Diagnosis Mode\n\n**Trigger:** If any package install command fails mid-run, enter Diagnosis Mode instead of stopping.\n\nDetect the failure type:\n\n| Error pattern | Likely cause | Suggested fix |\n|---------------|-------------|--------------|\n| `peer dep conflict` | Peer dependency incompatibility | Show conflicting pair, suggest `--legacy-peer-deps` flag or downgrade |\n| `ERESOLVE` | npm resolution conflict | Run `npm install --legacy-peer-deps` for the affected package only |\n| `version not found` | Version does not exist in registry | Check registry with `npm view {pkg} versions` |\n| `python requires` | Python version incompatibility | Note required Python version, skip package |\n| `cargo E0463` | Rust edition incompatibility | Flag for manual review |\n\nPresent a diagnosis summary:\n```\nInstall failed for {package}: {error type}\nLikely cause: {explanation}\nSuggested fix: {specific command or action}\nRemaining packages: proceeding with {N} that succeeded.\n```\n\nDo not stop the entire run when one package fails. Continue with packages that succeed.\n\n---\n\n## Step 9: Output Summary\n\n```\n## Dependency Update Summary: [YYYY-MM-DD]\n\n### Security\n[CRITICAL] lodash: CVE-2021-23337 fixed in 4.17.21: PR #42\n[HIGH] axios: CVE-2021-3749 fixed in 0.21.4: PR #42\n\n| Risk Level | Packages | PR |\n|------------|----------|-----|\n| Patch | lodash 4.17.19→4.17.21, axios 0.21.1→0.21.4 | #42 |\n| Minor | express 4.17.1→4.18.2 | #43 |\n| Major | react 17.0.2→18.2.0 | #44 |\n\nPRs opened: 3\n\nPackages with no changelog: some-obscure-pkg (no GitHub repo in registry)\nInstall failures: none\n\nNext action: Review major update PRs individually before merging.\n```","tags":["dependency","update","bot","opendirectory","varnan-tech","agent-skills","gtm","hermes-agent","openclaw-skills","skills","technical-seo"],"capabilities":["skill","source-varnan-tech","skill-dependency-update-bot","topic-agent-skills","topic-gtm","topic-hermes-agent","topic-openclaw-skills","topic-skills","topic-technical-seo"],"categories":["opendirectory"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/Varnan-Tech/opendirectory/dependency-update-bot","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add Varnan-Tech/opendirectory","source_repo":"https://github.com/Varnan-Tech/opendirectory","install_from":"skills.sh"}},"qualityScore":"0.511","qualityRationale":"deterministic score 0.51 from registry signals: · indexed on github topic:agent-skills · 123 github stars · SKILL.md body (11,251 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-02T00:55:49.562Z","embedding":null,"createdAt":"2026-04-18T22:18:26.001Z","updatedAt":"2026-05-02T00:55:49.562Z","lastSeenAt":"2026-05-02T00:55:49.562Z","tsv":"'+3':328 '-1':138 '-2021':744,755,1535,1545 '-23337':745,1536 '-30':330,682 '-3749':756,1546 '-5':1071 '/dev/null':136,194,201,207,213,219,251,288,319,323,352,401,568,614,632,656,674 '/json':825,943 '/latest':796 '/pypi/':823,941 '/releases':874 '/repos/':871 '/tmp/dep-pr-body-':1327,1348 '/tmp/deps-summary-request.json':989,1135 '/v1beta/models/gemini-2.0-flash:generatecontent?key=$gemini_api_key':1128 '0':363,420,510,512,606,647,1147,1150 '0.2':1118 '0.21.1':748,1561 '0.21.4':1549,1562 '1':106,427,462,518,522,525,527,781,1174,1227 '1.2':470 '1.2.3':478 '1.2.4':479 '1.3':472 '1500':892 '17.0.2':1571 '18.2.0':1572 '2':135,193,200,206,212,218,240,250,287,318,322,351,400,464,567,613,631,655,673,907,1190,1229 '2000':956 '2048':1120 '3':423,448,497,507,929,1070,1231,1304,1576 '3000':927 '4':416,548,1322 '4.17.1':1566 '4.17.19':740,1558 '4.17.21':1539,1559 '4.18.2':1567 '42':1541,1551,1563 '43':1568 '44':1573 '5':764,850,877 '6':969 '60/hour':131 '7':1153 '8':1381 '80':654 '9':1521 'action':1497,1594 'actual':84 'add':162,1308 'affect':985,1440 'aistudio.google.com':161 'alias':646 'api':112,115,145,154,784 'api.github.com':870 'api.github.com/repos/':869 'application/json':1133 'ask':47,226 'audit':21,60,550,565,612,621,628,660,668,672,686,694,734,761 'auth':133,184,853,858,867 'authent':142,172,181 'author':861 'avail':623,1085 'axio':747,1543,1560 'b':1188 'base':1353 'bash':109,190,245,281,313,344,396,480,563,625,670,790,852,912,936,987,1177,1195,1217,1276,1289,1299,1306,1325 'bearer':862 'bodi':727,889,891,1024,1106,1332,1346 'body-fil':1345 'bot':4,52 'branch':1176,1178,1189 'break':25,64,393,1047,1051,1361 'breakdown':537 'breaking-chang':1360 'buf':360,367,373 'bullet':1044,1072 'bump':455 'bundl':397,1300 'bundler':395 'c':253,290,354,403,482,488,511,521,526,570,634,798,827,879,918,945,1137,1219 'candid':1146 'cannot':95 'cargo':12,209,236,311,314,320,333,337,340,669,671,685,690,693,1275,1285,1470 'cargo-audit':684,692 'cargo-outd':332,339 'cargo.toml':205,1278 'cat':988,1326 'caus':1407,1490 'chang':26,65,461,469,477,1034,1048,1362 'changelog':23,62,94,125,766,964,1018,1076,1084,1114,1580 'check':108,1452 'checkout':1187,1378 'chore':1313,1340 'classifi':449,484 'clean':762 'cli':178 'command':83,1389,1495 'commentari':1108 'commit':1305,1311 'concis':1022 'conflict':44,1412,1417,1430 'content':104,779,961,1019,1109,1131,1148,1237,1245,1251,1257,1258,1260,1261,1271 'content-typ':1130 'continu':967,1515 'count':440 'creat':556,1154,1175,1323,1338 'critic':72,705,738,1532 'curl':792,819,865,913,937,1122 'current':269,271,304,383,421,456,485,901 'current.lstrip':494 'cve':19,553,708,721,743,754,984,1054,1063,1364,1534,1544 'cve-affect':983 'cve-fix':1363 'd':574,802,831,1134,1141,1145,1185,1321 'd.get':578,806,835,841 'dash':1090 'data':257 'data.items':264 'date':437,1182,1318 'dd':1530 'decod':358,372 'decoder.raw':371 'def':483 'dep':275,1179,1314,1341,1411,1423,1437 'depend':2,50,279,1006,1317,1344,1352,1359,1369,1414,1524 'dependency-update-bot':1 'descript':653,931,955,1003 'detail':722 'detect':186,241,1400 'determin':560 'dev':1212 'devdepend':1204 'develop':998 'diagnosi':40,1382,1395,1481 'dict':600,814 'digit':460,468,476 'downgrad':1426 'e':676 'e0463':1471 'echo':110,118,139,195,202,208,214,220,615,657,683 'edit':1277,1473 'els':609,815 'em':1089 'empti':431,1161 'endjson':990,1121 'endmd':1330,1335 'enter':1394 'entir':1509 'env':166 'eresolv':1427 'error':1404,1487 'escal':695 'exact':1203,1215 'except':392,532 'exist':1449 'explan':1491 'express':1565 'f':602,644,1236,1248,1262 'f.read':1238 'fail':1390,1484,1514 'failur':1402,1591 'fallback':911 'fetch':22,61,97,126,765,848 'field':1280 'file':167,1193,1347 'filenam':1225,1234,1267 'find':730,980 'first':459,776 'fix':1055,1365,1409,1493,1537,1547 'flag':1046,1053,1252,1424,1475 'forgeri':753 'format':285,316,629 'found':225,227,443,618,737,965,1078,1445 'gap':100 'gem':1302 'gemfil':217 'gemini':28,111,114,144,153,972,1334 'generationconfig':1116 'generativelanguage.googleapis.com':1127 'generativelanguage.googleapis.com/v1beta/models/gemini-2.0-flash:generatecontent?key=$gemini_api_key':1126 'get':158,715,785,837,843,846,925,952,954,1291,1357,1367 'gh':132,140,169,183,1336 'git':1186,1307,1310,1377 'github':119,121,177,782,856,863,1001,1586 'given':1008 'go':13,215,237,342,345,723,1288,1290,1295 'go.mod':211 'grep':324,675 'group':35,71,977,1163 'guess':87 'h':860,1129 'head':137,329,681 'header':854,859,868 'high':707,746,1542 'home':838 'id':677,1064 'idx':370,391 'import':254,291,355,404,571,635,799,828,880,919,946,1138,1220 'includ':39,978,1061 'incompat':1415,1463,1474 'individu':1171,1599 'info':262,582,836,842,953 'info.get':270,273,277,586,595 'innov':1100 'instal':43,336,338,662,665,688,691,1197,1206,1388,1433,1483,1590 'instead':1397 'instruct':992 'int':489,499 'invent':89,103 'isinst':598,812 'json':248,256,286,293,317,349,357,566,573,630,637,801,830,882,921,948,1140 'json.dumps':266,300,379,884 'json.jsondecoder':359 'json.load':258,297,575,641,803,832,896,923,950,1142 'keep':898,1065 'key':113,116,146,155 'l':498,509,517,524 'label':1351,1358,1368 'last':849,932 'latest':272,274,307,309,386,425,457,486,903,1199,1208,1273,1293 'latest.lstrip':504 'legaci':1421,1435 'legacy-peer-dep':1420,1434 'len':366,414,516,520 'level':452,1553 'leverag':1098 'like':1406,1489 'limit':129 'line':407 'line.strip':411 'list':228,283,346,1010,1031 'lodash':739,1533,1557 'login':185 'long':249 'ls':191,197,204,210,216 'm':348,1184,1312,1320 'main':1354,1376,1379 'major':38,458,514,544,712,1169,1355,1569,1596 'manag':80,188 'manual':1477 'markdown':1026,1104 'maximum':1073 'maxoutputtoken':1119 'md':1329,1350 'merg':1601 'mid':1392 'mid-run':1391 'minor':37,466,529,541,701,1564 'miss':148 'mm':1529 'mod':1296 'mode':41,1383,1396 'modul':343,1292 'multipl':223 'must':179 'n':327,735,855,1263,1502 'name':261,267,268,301,303,380,418,649,888,1303 'never':86 'new':1041,1244,1256,1259,1270 'next':1593 'non':1160 'non-empti':1159 'none':1592 'note':98,962,1464 'npm':10,196,234,244,246,562,564,611,620,791,908,1194,1196,1205,1428,1432,1455 'number':91 'obj':369,381,384,387 'obj.get':376 'obscur':1583 'old':1037 'one':31,67,973,1156,1164,1512 'open':30,66,1233,1266,1575 'order':773 'outdat':9,55,82,242,247,284,315,321,334,341,398,445 'output':1101,1522 'owner':872 'p':295,302,305,308 'packag':16,56,76,79,187,243,433,446,540,543,546,678,769,795,824,916,942,986,1012,1030,1067,1081,1112,1167,1192,1198,1207,1272,1283,1287,1387,1441,1469,1486,1499,1513,1517,1554,1577 'package.json':192 'page':839,876 'pair':1418 'pars':453 'parseabl':399 'part':410,415,419,422,426,993,1110,1149 'patch':36,474,531,538,699,1556 'path':382 'pattern':1239,1247,1405 'peer':1410,1413,1422,1436 'per':33,69,875,975,1158,1166 'pip':11,203,235,280,282,624,627,659,664,667,818,935,1216 'pip-audit':626,658,666 'pkg':581,604,1223,1242,1249,1264,1457,1584 'point':1045 'pollut':742 'pos':362,365,374,390 'post':1125 'pr':32,68,718,726,1002,1023,1105,1157,1165,1324,1331,1337,1373,1540,1550,1555 'prefix':1052,1059 'present':1479 'print':265,299,378,417,601,643,808,834,883,922,949,1144 'prioriti':713 'proceed':442,732,1500 'project':7,844 'promot':709 'prototyp':741 'prs':558,1155,1574,1598 'pypi':930 'pypi.org':822,940 'pypi.org/pypi/':821,939 'pyproject.toml':199 'python':1459,1461,1466 'python3':252,289,353,402,481,569,633,797,826,878,917,944,1136,1218 'r':805,813,817,894 'r.get':809,886,890 'rate':128 'rate-limit':127 'rather':101 'raw':1017 're':1221 're.escape':1241 're.ignorecase':1254 're.multiline':1253 're.sub':1246 'react':1570 'readm':910,926 'registri':789,909,1451,1453,1589 'registry.npmjs.org':794,915 'releas':783,851,899 'remain':1498 'repo':786,873,1587 'report':85,728 'repositori':807 'request':752,974 'requir':157,1173,1460,1465 'requirements.txt':198,1274 'resolut':1429 'resort':933 'return':430,513,528,530,533,778,960,1374 'review':1172,1478,1595 'rf':1240 'risk':34,70,451,976,1162,1180,1316,1328,1343,1349,1552 'robust':1097 'rubi':15,221,238,394,1298 'rule':73,696,1027 'run':17,57,182,551,663,689,1393,1431,1510 'rust':312,1472 'save':1202,1211,1214 'save-dev':1210 'save-exact':1201,1213 'scan':5,53,232,554 'seamless':1096 'second':467 'section':1068 'secur':20,59,549,729,733,760,979,1058,1370,1531 'see':610 'server':750 'server-sid':749 'set':117,124 'setup':107 'sev':585 'sev.upper':603 'sever':587,679 'show':1416 'side':751 'skill' 'skill-dependency-update-bot' 'skip':1468 'some-obscure-pkg':1581 'sourc':771,780,847,906,928,959 'source-varnan-tech' 'specif':1494 'split':412,496,506 'state':439,535 'status':134 'step':105,239,447,547,763,968,1152,1380,1520 'stop':149,173,438,774,1399,1507 'str':816 'strip':424 'succeed':1504,1519 'suggest':1408,1419,1492 'summar':24,63,970 'summari':1482,1523,1526 'sys':255,292,356,405,572,636,800,829,881,920,947,1139,1222 'sys.argv':1226,1228,1230 'sys.stdin':259,298,409,576,642,804,833,897,924,951,1143 'sys.stdin.read':361 'system':991 'tag':885,887 'tail':326 'tell':150,174 'temperatur':1117 'text':994,1111,1151 'third':475 'tidi':1297 'titl':591,1339 'token':120,122,857,864 'topic-agent-skills' 'topic-gtm' 'topic-hermes-agent' 'topic-openclaw-skills' 'topic-skills' 'topic-technical-seo' 'transform':1099 'tri':368,487,770 'trigger':1384 'type':276,278,1132,1403,1488 'u':49,347 'unknown':534,588 'updat':3,51,75,377,388,702,1007,1014,1170,1181,1191,1286,1301,1315,1342,1356,1366,1525,1597 'urgenc':561 'url':680,787,810,845 'use':45,1043,1088,1093 'user':152,176 'v':325,495,505,593,599 'v.get':590 'version':90,306,310,385,389,454,651,904,1038,1042,1200,1209,1224,1250,1265,1279,1294,1443,1446,1458,1462,1467 'via':589,596,605,608 'view':1456 'vuln':577,639,648,650,652 'vuln.get':645 'vulner':579,617,736,759 'vulns.items':584 'w':1268 'word':1095 'write':999,1020,1082,1269 'x':444,471,473,490,492,500,502,539,1124 'x.x':463,465 'y':542,1183,1319 'yyyi':1528 'yyyy-mm-dd':1527 'z':545","prices":[{"id":"332da2cb-1d65-47df-b159-19f7ed5390ce","listingId":"72f20ab1-6f71-4fe9-8a1e-605d8d169fcf","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"Varnan-Tech","category":"opendirectory","install_from":"skills.sh"},"createdAt":"2026-04-18T22:18:26.001Z"}],"sources":[{"listingId":"72f20ab1-6f71-4fe9-8a1e-605d8d169fcf","source":"github","sourceId":"Varnan-Tech/opendirectory/dependency-update-bot","sourceUrl":"https://github.com/Varnan-Tech/opendirectory/tree/main/skills/dependency-update-bot","isPrimary":false,"firstSeenAt":"2026-04-18T22:18:26.001Z","lastSeenAt":"2026-05-02T00:55:49.562Z"}],"details":{"listingId":"72f20ab1-6f71-4fe9-8a1e-605d8d169fcf","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"Varnan-Tech","slug":"dependency-update-bot","github":{"repo":"Varnan-Tech/opendirectory","stars":123,"topics":["agent-skills","gtm","hermes-agent","openclaw-skills","skills","technical-seo"],"license":null,"html_url":"https://github.com/Varnan-Tech/opendirectory","pushed_at":"2026-04-30T18:54:05Z","description":" AI Agent Skills built for GTM, Technical Marketing, and growth automation.","skill_md_sha":"e58356b1a37ab7ab5447964922fe36dd6b79ed1d","skill_md_path":"skills/dependency-update-bot/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/Varnan-Tech/opendirectory/tree/main/skills/dependency-update-bot"},"layout":"multi","source":"github","category":"opendirectory","frontmatter":{"name":"dependency-update-bot","description":"Scans your project for outdated npm, pip, Cargo, Go, or Ruby packages. Runs a CVE security audit. Fetches changelogs, summarizes breaking changes with Gemini, and opens one PR per risk group (patch, minor, major). Includes Diagnosis Mode for install conflicts. Use when asked to update dependencies, check for outdated packages, open dependency PRs, scan for package updates, audit for CVEs, or flag breaking changes in upgrades. Trigger when a user says \"check for outdated packages\", \"update my dependencies\", \"open PRs for dependency updates\", \"scan for CVEs\", or \"which packages need upgrading\".","compatibility":"[claude-code, gemini-cli, github-copilot]"},"skills_sh_url":"https://skills.sh/Varnan-Tech/opendirectory/dependency-update-bot"},"updatedAt":"2026-05-02T00:55:49.562Z"}}