← Back to Skills Marketplace
kangigocc

工业化数据处理

by kangigocc · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
366
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install iqc-python-tree
Description
工业级 IQC 控制计划解析,支持 Excel 转 CSV、JSON,含安全认证及数据提交,保证企业数据处理稳定可靠。
README (SKILL.md)

name: iqc-python-tree\r version: 3.0.0\r \r description: |\r 企业工业级 IQC 控制计划解析引擎终极稳定版:\r Excel → CSV → JSON AST → 安全认证 → 数据提交\r \r author: inspection-planning\r \r

===============================\r

模型推理参数(低随机性工业模式)\r

===============================\r

\r model:\r temperature: 0\r top_p: 0.05\r \r

===============================\r

工作流执行模式(稳定核心)\r

顺序执行,不使用复杂调度器\r

===============================\r

\r workflow:\r \r steps:\r \r # --------------------------------------------------\r # Step 1:Excel 工业预处理层(核心稳定区)\r # --------------------------------------------------\r - name: preprocess-excel\r executor: python\r script: scripts/preprocess_excel.py\r timeout: 120\r retry: 2\r params:\r input_dir: ./input\r output_dir: ./output/csv\r \r # --------------------------------------------------\r # Step 2:工业语义解析层(控制计划模型化)\r # --------------------------------------------------\r - name: csv-to-json-parser\r executor: python\r script: scripts/csv_to_json.py\r timeout: 180\r retry: 3\r params:\r input_dir: ./output/csv\r output_dir: ./output/json\r \r # --------------------------------------------------\r # Step 3:安全认证层(企业安全标准)\r # --------------------------------------------------\r - name: jwt-security-layer\r executor: python\r script: scripts/jwt_token.py\r timeout: 60\r retry: 2\r params:\r secret_key: STATIC_SECRET_KEY\r expire_minutes: 30\r \r # --------------------------------------------------\r # Step 4:工业数据提交层(最终出口)\r # --------------------------------------------------\r - name: enterprise-data-submit\r executor: python\r script: scripts/data_submit.py\r timeout: 120\r retry: 3\r params:\r auth_mode: BearerToken\r \r

===============================\r

企业异常自愈策略(非常重要)\r

===============================\r

\r error_strategy:\r \r global_retry: 3\r \r fallback_mode: safe_exit\r \r handlers:\r - log_error\r - save_checkpoint\r - alert_admin\r \r

===============================\r

日志审计系统(工业生产必须)\r

===============================\r

\r logging:\r \r level: INFO\r persist: true\r path: ./logs/iqc_engine.log\r \r

===============================\r

输出策略\r

===============================\r

\r output:\r \r format: json\r path: ./output/final\r compress: true

Usage Guidance
This skill appears to implement the advertised pipeline, but it embeds an internal API URL and hard-coded credentials in the code and the SKILL.md parameters do not match how the scripts actually use secrets. Before installing, consider: 1) Do you know and trust the API endpoint 192.168.60.241:1120 and the included credentials? If not, do not run it on sensitive systems or networks. 2) Prefer replacing hard-coded USERNAME/PASSWORD with environment variables or a secure secret store and update the scripts accordingly. 3) Review and, if needed, change any real passwords found in the files (treat them as compromised if you previously used them). 4) Run the pipeline in a sandbox or isolated network first to confirm what data is transmitted. 5) If you intend to integrate with your own API, update API_BASE_URL, LOGIN_PATH, and auth logic rather than relying on the embedded values. If you can provide the intended deployment environment or confirm the API owner, I can re-evaluate with higher confidence.
Capability Analysis
Type: OpenClaw Skill Name: iqc-python-tree Version: 1.0.0 The skill bundle is classified as suspicious due to a critical security vulnerability: hardcoded credentials (`USERNAME` and `PASSWORD`) in `scripts/jwt_token.py`. These credentials are used to authenticate with an internal API at `http://192.168.60.241:1120/api/GenUser/TokenLogin`. While the script's intent is to perform a legitimate login for subsequent data submission, the hardcoded nature of these secrets makes the skill highly vulnerable to credential exposure if the skill bundle is compromised or reviewed by unauthorized parties. No evidence of intentional malicious behavior like data exfiltration to external endpoints, backdoors, or prompt injection against the agent was found.
Capability Assessment
Purpose & Capability
The name/description align with the code: preprocess Excel, convert CSV→JSON, obtain JWT, and POST to an API. Requiring network submission and authentication is coherent with the stated purpose. However the scripts embed a fixed API base URL (http://192.168.60.241:1120) and baked-in username/password, which are sensitive implementation details that are not surfaced in the skill metadata or requires.env — this is unexpected and worth attention.
Instruction Scope
SKILL.md defines a 4-step workflow matching the included scripts. But SKILL.md passes params like secret_key and expire_minutes to the jwt-security-layer step while the jwt_token.py script ignores such runtime secrets and instead uses hard-coded USERNAME/PASSWORD in-source. The scripts read/write run-specific files (current_run_id.txt, output/jwt_token.txt, token cache) and perform network requests to the hard-coded API. These behaviors are within the declared functional scope but the mismatch (declared parameters vs actual use) and the implicit network calls are concerning because the skill may send processed data to the embedded endpoint without asking for environment-level credentials.
Install Mechanism
There is no external install spec or remote-download step; all code is bundled with the skill. This reduces supply-chain risk from remote fetches. The scripts do require common Python packages (pandas, requests, openpyxl/xlrd) but they only check at runtime and instruct the user to pip install if missing.
Credentials
The skill declares no required environment variables or credentials, yet the jwt_token.py contains hard-coded credentials (USERNAME='kang', PASSWORD='kang123456') and a LOGIN_MESSAGE. That means secrets are embedded in the skill rather than requested from the environment — a poor security practice and a potential leak if those credentials are real. The target API is a private IP:port; while plausible for an enterprise, it isn't explained in metadata. Because the skill can post arbitrary produced JSON to that endpoint, the effective credential/egress access is broader than the declared requirements.
Persistence & Privilege
The skill does not set always:true and does not request system-wide configuration changes. It creates run-specific files and token cache under its own directories (token_cache, output, logs) — standard for a pipeline. No evidence it modifies other skills or system-wide agent settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install iqc-python-tree
  3. After installation, invoke the skill by name or use /iqc-python-tree
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Major update: Full rewrite and industrial stabilization of the IQC control plan parsing engine. - Introduced a robust 4-step workflow: Excel preprocessing, CSV to JSON parsing, security JWT authentication, and enterprise data submission. - Enhanced error recovery with global retry, safe exit fallback, and automated logging/alarm handlers. - Added industrial-grade logging and output management (INFO-level, persistent logs, compressed JSON output). - Optimized for low-randomness model inference and stable sequential execution. - Improved security with explicit JWT token expiry and Bearer Token auth mode. - Documented all settings in a detailed, transparent SKILL.md.
Metadata
Slug iqc-python-tree
Version 1.0.0
License
All-time Installs 1
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is 工业化数据处理?

工业级 IQC 控制计划解析,支持 Excel 转 CSV、JSON,含安全认证及数据提交,保证企业数据处理稳定可靠。 It is an AI Agent Skill for Claude Code / OpenClaw, with 366 downloads so far.

How do I install 工业化数据处理?

Run "/install iqc-python-tree" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is 工业化数据处理 free?

Yes, 工业化数据处理 is completely free (open-source). You can download, install and use it at no cost.

Which platforms does 工业化数据处理 support?

工业化数据处理 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created 工业化数据处理?

It is built and maintained by kangigocc (@kangigocc); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments