← Back to Skills Marketplace
92
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install bp-audit
Description
提供BP目标的合规性、上下承接和GAP分析审计,支持任务树、目标详情及相关数据查询。
README (SKILL.md)
bp-audit — BP 目标审计
版本: v1.0
描述: 为 AI Agent 提供 BP(Business Plan)目标审计能力,支持合规性检查、上下承接对齐分析、GAP 分析
能力概览
本 Skill 提供 AI Agent 审计 BP 目标管理所需的完整能力:
| 能力模块 | 功能 | 接口数 |
|---|---|---|
| 周期与分组 | 获取启用周期、分组树、员工分组 | 3 |
| 任务查询 | 查询任务树、目标/KR/KI 详情 | 4 |
| 汇报查询 | 分页查询任务关联汇报 | 1 |
| 搜索能力 | 按名称搜索任务/分组 | 2 |
审计能力模块
本 Skill 支持四大审计场景:
| 审计模块 | 核心能力 | 触发示例 |
|---|---|---|
| BP 合规性审计 | 检查 Goal+KR+KI 结构完整性、内容质量、逻辑自洽 | "审计这个 BP 是否符合规范" |
| 向上承接审计 | 检查与上级目标的对齐正确性和完整性 | "检查和上级目标的承接情况" |
| 向下承接审计 | 检查下级任务的覆盖完整性、数值覆盖率 | "看下级任务承接得怎么样" |
| GAP 分析 | 拉通上下级差异,识别承接差/执行差/逻辑差 | "做一下 GAP 分析" |
模块路由
当用户意图匹配以下场景时,加载对应模块:
| 用户意图 | 路由模块 | 触发示例 |
|---|---|---|
| "获取启用周期" | audit/period |
"当前启用的 BP 周期是哪个?" |
| "获取分组树" | audit/group |
"查看技术中心的分组结构" |
| "获取员工分组" | audit/employee-group |
"获取这些员工的分组 ID" |
| "查询任务树" | audit/task-tree |
"查看张三的目标树" |
| "获取目标详情" | audit/goal-detail |
"获取这个目标的完整信息" |
| "获取 KR 详情" | audit/kr-detail |
"查看关键成果的详情" |
| "获取 KI 详情" | audit/action-detail |
"查看关键举措的详情" |
| "查询汇报" | audit/reports |
"查看这个任务的汇报记录" |
| "搜索任务/分组" | audit/search |
"搜索包含'全栈'的任务" |
宪章
AI Agent 优先:所有接口设计和描述都以 AI Agent 为使用对象,语言简洁、参数明确。
审计导向:接口组织围绕审计场景(合规性→承接→GAP),而非简单罗列 API。
数据完整:返回数据包含完整的上下级对齐信息(upwardTaskList/downTaskList),支持承接分析。
工作流
用户请求 → 意图识别 → 加载模块 → 调用接口 → 审计分析 → 返回结果
标准审计流程
- 获取启用周期 → 调用
4.1 查询周期列表,筛选status=1 - 获取目标分组 → 调用
4.2 获取分组树或4.3 批量查询员工分组 ID - 获取任务数据 → 调用
4.4 查询任务树+4.5/4.6/4.7 详情接口 - 执行审计 → 基于返回数据进行四大模块分析
- 输出报告 → 结构化呈现审计结果
加载规则
- 默认不加载:本 Skill 不会在会话启动时自动加载
- 按需加载:当用户请求匹配审计场景时,动态加载对应模块
- 认证前置:首次调用前必须先完成认证(见
common/auth.md)
能力树
bp-audit/
├── SKILL.md # 本文件
├── common/
│ ├── auth.md # 认证规范
│ └── conventions.md # 通用约束
├── openapi/
│ ├── common/
│ │ └── appkey.md # Token 交换接口
│ └── audit/
│ ├── api-index.md # 审计模块接口索引
│ ├── get-periods.md # 查询周期列表
│ ├── get-group-tree.md # 获取分组树
│ ├── get-employee-groups.md # 批量查询员工分组 ID
│ ├── get-task-tree.md # 查询任务树
│ ├── get-goal-detail.md # 获取目标详情
│ ├── get-kr-detail.md # 获取关键成果详情
│ ├── get-action-detail.md # 获取关键举措详情
│ ├── get-reports.md # 分页查询汇报
│ └── search.md # 搜索任务/分组
├── examples/
│ └── audit/
│ └── README.md # 审计场景使用示例
└── scripts/
└── audit/
└── README.md # 脚本清单(无脚本)
依赖
- 认证:
appKey(见common/auth.md) - 网络:需要能访问 API 域名
cwork-web-test.xgjktech.com.cn
审计检查点参考
1. BP 合规性(基础)
- 结构完整性:必须包含 Goal + KR + KI
- 内容质量:描述具体、可衡量、有行动指向
- 逻辑自洽:KI 能否推导出 KR 达成
2. 向上承接
- 对齐正确性:目标+KR+KI 完整结构支撑上级意图
- 对齐完整性:无选择性承接、无职责盲区
3. 向下承接
- 正确性:下级目标对应本级 KI
- 完整性:无部分悬空、无协作断裂
- 数值覆盖率:收入/利润等指标的缺口分析
4. GAP 分析
- 承接差:核心点是否层层衰减
- 执行差:下级汇总能否支撑本级目标
- 逻辑差:口径是否一致、有无理解断层
Usage Guidance
This skill appears to do what it says (calling corporate BP audit APIs) but there are a few practical concerns to consider before enabling it: 1) Authentication: the skill needs an appKey / CWork Key and may read XG_USER_TOKEN from the environment or prompt you to enter a CWork Key to exchange for an access token — do not provide long-lived or unrelated secrets. 2) Metadata mismatch: the registry entry did not declare required env vars (XG_USER_TOKEN or appKey), so the skill may prompt for credentials unexpectedly; treat prompts for keys as sensitive. 3) Network access: it calls a specific corporate domain (cwork-web-test.xgjktech.com.cn and an auth host cwork-web.mediportal.com.cn); only enable this skill if you trust those domains and they belong to your organization. 4) Data sensitivity: the APIs return employee/group/task/report data (IDs, names, report content). Confirm you are comfortable exposing that data to the agent and that the agent will follow the stated 'do not log or persist tokens' guidance. 5) If you need higher assurance, ask the publisher to (a) declare required env vars/primary credential in the registry metadata, (b) provide a trustworthy homepage/source, or (c) provide an allowlist of exact endpoints and scopes used. If you cannot verify the endpoints or provenance, avoid supplying org credentials.
Capability Analysis
Type: OpenClaw Skill
Name: bp-audit
Version: 1.0.0
The bp-audit skill bundle is a well-documented set of API definitions and instructions designed for auditing Business Plans (BP). It contains no executable scripts, and its instructions in SKILL.md and README.md are strictly aligned with its stated purpose of compliance and alignment analysis. The bundle includes proactive security measures in common/conventions.md and common/auth.md, such as prohibiting the logging or display of access tokens and sensitive internal IDs, and restricting network calls to specific business domains (cwork-web-test.xgjktech.com.cn).
Capability Assessment
Purpose & Capability
The skill's name/description (BP/Business Plan audit) matches the provided OpenAPI docs and SKILL.md: all interfaces are BP-related (periods, groups, task trees, goal/KR/KI details, reports, search). There are no unrelated APIs or binaries requested.
Instruction Scope
Runtime instructions specify calling the listed BP APIs on the cwork-web-test.xgjktech.com.cn domain and require an authentication step (common/auth.md). The auth guidance will read XG_USER_TOKEN from the environment or attempt to extract tokens from context or else prompt the user for a CWork Key and exchange it for xgToken. That is expected for this integration, but SKILL.md relies on reading context/env for tokens (sensitive data), so agents must follow the stated 'do not store token on disk' rules.
Install Mechanism
Instruction-only skill with no install spec and no scripts to execute — lowest install risk. All behavior is API-calling described in docs; no third-party package downloads or archive extraction.
Credentials
The skill documentation clearly requires an appKey/CWork Key and prefers an XG_USER_TOKEN environment variable, yet the registry metadata lists no required env vars or primary credential. This metadata omission is an inconsistency: the skill will need a credential to function and may read XG_USER_TOKEN from the environment or ask the user to supply a CWork Key. Apart from that, it does not request unrelated cloud keys or broad system credentials.
Persistence & Privilege
No 'always' privilege, user-invocable only, no persistent install or scripts that modify other skills or system config. The skill's auth rules explicitly forbid writing tokens to disk and recommend in-memory/session caching.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install bp-audit - After installation, invoke the skill by name or use
/bp-audit - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
bp-audit v1.0.0 — Initial Release
- Introduces BP(Business Plan)目标审计专用能力,覆盖合规性、上下承接、GAP 分析四大审计场景。
- 提供周期、分组、任务树、目标详情、KR/KI 详情、汇报、搜索等功能,全部接口围绕审计场景组织。
- 明确模块路由及触发示例,动态按需加载,需认证后方可使用。
- 完整记录标准审计流程、能力树以及详细审计检查项。
- 设计满足 AI Agent,数据返回自带上下级承接信息,支持结构化输出审计结果。
Metadata
Frequently Asked Questions
What is Bp Audit?
提供BP目标的合规性、上下承接和GAP分析审计,支持任务树、目标详情及相关数据查询。 It is an AI Agent Skill for Claude Code / OpenClaw, with 92 downloads so far.
How do I install Bp Audit?
Run "/install bp-audit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Bp Audit free?
Yes, Bp Audit is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Bp Audit support?
Bp Audit is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Bp Audit?
It is built and maintained by spzwin (@spzwin); the current version is v1.0.0.
More Skills