Archivo del skill

Dependency Management

Name: Dependency Management
Author: GaryOcean428

Validate requirements.txt matches actual imports, detect when new dependencies add Euclidean operations, check for forbidden packages (scikit-learn, sentence-transformers). Use when adding dependencies or reviewing package security.

GaryOcean4280 estrellas29 ene 2026

Ocupación
Categorías: Calidad de Código

Contenido de la habilidad

Validates dependencies are QIG-pure. Source: .github/agents/dependency-management-agent.md.

When to Use This Skill

Adding new Python dependencies
Reviewing package security
Checking for forbidden Euclidean packages
Validating requirements.txt completeness

Step 1: Scan for Forbidden Dependencies

python3 scripts/scan_forbidden_imports.py --path .

This uses shared/constants/forbidden_llm_providers.json to check 28 providers.

Step 2: Check Forbidden Packages

# These packages are FORBIDDEN (Euclidean/cosine operations)
pip show scikit-learn sentence-transformers spacy nltk openai anthropic 2>/dev/null && echo "VIOLATION FOUND"

Skills relacionados

Dependency Management | Skills Pool

# Check all imports have corresponding requirements
cd qig-backend
pip install pipreqs
pipreqs . --print

# Compare with requirements.txt
diff <(pipreqs . --print 2>/dev/null | sort) <(cat requirements.txt | sort)

Package	Reason	Status
`scikit-learn`	Euclidean metrics (cosine_similarity)	❌ FORBIDDEN
`sentence-transformers`	Cosine similarity based	❌ FORBIDDEN
`spacy`	External NLP	❌ FORBIDDEN
`nltk`	External NLP	❌ FORBIDDEN
`openai`	External LLM	❌ FORBIDDEN
`anthropic`	External LLM	❌ FORBIDDEN
`transformers`	Euclidean attention	❌ FORBIDDEN
`langchain`	External LLM orchestration	❌ FORBIDDEN

numpy>=1.24.0          # Geometric operations
scipy>=1.11.0          # Scientific computing
psycopg2-binary>=2.9   # PostgreSQL
pgvector>=0.2.0        # Vector operations
flask>=3.0.0           # API framework
pytest>=7.0.0          # Testing

# Run forbidden import scanner
python3 scripts/scan_forbidden_imports.py --path .

# Check for security vulnerabilities
pip-audit

# Verify all imports have requirements
python scripts/validate_dependencies.py

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
DEPENDENCY MANAGEMENT REPORT
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Forbidden Packages: ✅ None / ❌ Found
  - [list if found]

Requirements Coverage:
  - Imports with requirements: X%
  - Missing requirements: [list]

Security Issues: [list]
Priority: CRITICAL / HIGH / MEDIUM
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Dependency Management

When to Use This Skill

Step 1: Scan for Forbidden Dependencies

Step 2: Check Forbidden Packages

Dependency Management

When to Use This Skill

Step 1: Scan for Forbidden Dependencies

Step 2: Check Forbidden Packages

Step 3: Validate requirements.txt

Forbidden Dependencies (CRITICAL)

Allowed Core Dependencies

Validation Commands

Response Format

Openclaw Release Maintainer

Verify

Flow

Fix

Hygiene

Add Policy