What Is a Dependency Scan?
OpenClaw's dependency scan skill monitors your project's package.json, requirements.txt, Gemfile, or similar manifests for outdated or vulnerable packages and alerts you via your connected messaging channel.
Common Failure Types
No Manifest Found
Error:
No package manifest found in workspace
Make sure the workspace path in config.yaml points to the correct project directory containing your dependency file:
workspace:
  path: "/path/to/your/project"
npm audit / pip-audit Not Installed
The scan skill requires the relevant package audit tool to be available on the system PATH. Install as needed:
# Node.js projects — npm is bundled with Node
npm --version
# Python projects
pip install pip-audit
Network Timeout During Advisory Fetch
Dependency advisories are fetched from public registries. Ensure the machine running OpenClaw has outbound internet access. If behind a corporate proxy, set:
export HTTPS_PROXY=http://your.proxy:8080
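A preflight check for the three failures above (missing manifest, missing audit tool, proxy setting), added here as an example and not part of OpenClaw. The function names and exit codes are assumptions, and only the two audit tools this page names are checked.

```shell
#!/bin/sh
# Added example, not OpenClaw code. Usage: preflight /path/to/your/project

# Print the first manifest found in directory $1; return 1 if none.
find_manifest() {
    for name in package.json requirements.txt Gemfile; do
        if [ -f "$1/$name" ]; then
            printf '%s\n' "$name"
            return 0
        fi
    done
    return 1
}

# Map a manifest to the audit tool this page names for it.
audit_tool_for() {
    case "$1" in
        package.json)     echo npm ;;
        requirements.txt) echo pip-audit ;;
        *)                return 1 ;;  # page names no tool for other manifests
    esac
}

# Exit codes (assumed for this example): 0 ok, 1 no manifest, 2 tool missing.
preflight() {
    dir=$1
    manifest=$(find_manifest "$dir") || {
        echo "FAIL manifest: none found in $dir"
        return 1
    }
    echo "OK   manifest: $dir/$manifest"

    if tool=$(audit_tool_for "$manifest"); then
        command -v "$tool" >/dev/null 2>&1 || {
            echo "FAIL tool: $tool is not on PATH"
            return 2
        }
        echo "OK   tool: $tool"
    else
        echo "SKIP tool: no audit tool listed for $manifest"
    fi

    # Report only whether the proxy is set; its URL may embed credentials.
    if [ -n "${HTTPS_PROXY:-}" ]; then
        echo "INFO proxy: HTTPS_PROXY is set"
    else
        echo "INFO proxy: HTTPS_PROXY unset, direct outbound access needed"
    fi
    return 0
}
```

Run it as the same user and in the same environment as the OpenClaw process, since PATH and HTTPS_PROXY often differ between an interactive shell and a service.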
Scan Runs But No Alerts Received
- Check your messaging channel is connected:
  openclaw channels list
- Verify the skill is scheduled:
  openclaw skills list
- Run a manual scan to test:
  openclaw run dependency-scan