← Back to Skills Marketplace
导购个人业绩分析
by
Xtechmerge.AI
· GitHub ↗
· v1.0.0
· MIT-0
111
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install retail-clerk-performance-analysis
Description
导购个人业绩深度分析工具。支持普通门店(POS数据)和AIoT门店(POS+AIoT数据)。 输出导购个人详细诊断报告,包含: 1. 核心业绩指标(销售额、排名、业绩占比) 2. 雷达图能力对比(6维能力 vs 门店平均) 3. 商品特征分析(品类/价格带/包型/颜色/新品偏好) 4. Top5 SKU爆品分析(...
Usage Guidance
This skill appears to implement the analysis it claims, but before installing you should: 1) Review the api_client implementation (get_api_client) that the skill imports — confirm what credentials/tokens it uses and what endpoints it can call; the skill will run API calls using that client. 2) Remove or correct the hard-coded development path (/Users/yangguangwei/...) and the implicit sys.path inserts so the skill doesn't depend on a specific user's workspace. 3) Verify that the api_client's credentials are scoped to only the needed copilot/guide endpoints (least privilege) and cannot be used to access unrelated sensitive APIs or exfiltrate data. 4) Test the skill in a sandbox account with non-sensitive store data first. 5) If you need stronger guarantees, require the skill to accept an explicit, scoped credential or client factory (documented in SKILL.md) rather than relying on implicit imports of local code. If you want, provide the api_client code or its credential model and I can re-evaluate with higher confidence.
Capability Analysis
Type: OpenClaw Skill
Name: retail-clerk-performance-analysis
Version: 1.0.0
The skill bundle is classified as suspicious due to several security vulnerabilities found in analyze.py. Specifically, the script contains a hardcoded absolute path to a developer's home directory (/Users/yangguangwei/.openclaw/workspace-front-door), which results in information disclosure and potential path hijacking. Additionally, the script lacks input sanitization for user-controlled parameters such as guide_name and store_id before passing them to internal API endpoints, which could allow for injection attacks if the backend services are not properly secured.
Capability Assessment
Purpose & Capability
Name/description, SKILL.md and analyze.py all consistently implement a retail clerk performance analysis tool that calls internal APIs (/api/v1/guide/...). The required capabilities match the stated purpose. However the code depends on an external api_client from a local workspace (not declared) which is an implicit dependency outside the skill bundle.
Instruction Scope
Runtime instructions and code limit actions to calling internal copilot APIs for guide detail, order analysis, funnel and trial endpoints; they do not attempt arbitrary file exfiltration or external network endpoints. But sample usage and code add host-specific sys.path entries to import api_client, giving the skill access to whatever that client can call—this expands the effective scope beyond the documented endpoints.
Install Mechanism
No install spec or external downloads. The skill is instruction/code-only and doesn't install packages or fetch remote archives, which is low risk from an install perspective.
Credentials
The skill declares no required env vars or credentials but relies on get_api_client() imported from an external local module; that client likely uses platform credentials or tokens (not declared). Also the code inserts an absolute development path (/Users/yangguangwei/.openclaw/workspace-front-door) into sys.path — a hardcoded path leak and an implicit dependency on local environment/configuration. The absence of declared credentials with an implicit API client is disproportionate and warrants review.
Persistence & Privilege
always:false and default model invocation behavior. The skill does not request persistent system-wide privileges or modify other skills. Autonomous invocation is enabled by default (not flagged alone).
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install retail-clerk-performance-analysis - After installation, invoke the skill by name or use
/retail-clerk-performance-analysis - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: 支持导购深度业绩分析、雷达图对比、AIoT转化分析
Metadata
Frequently Asked Questions
What is 导购个人业绩分析?
导购个人业绩深度分析工具。支持普通门店(POS数据)和AIoT门店(POS+AIoT数据)。 输出导购个人详细诊断报告,包含: 1. 核心业绩指标(销售额、排名、业绩占比) 2. 雷达图能力对比(6维能力 vs 门店平均) 3. 商品特征分析(品类/价格带/包型/颜色/新品偏好) 4. Top5 SKU爆品分析(... It is an AI Agent Skill for Claude Code / OpenClaw, with 111 downloads so far.
How do I install 导购个人业绩分析?
Run "/install retail-clerk-performance-analysis" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is 导购个人业绩分析 free?
Yes, 导购个人业绩分析 is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does 导购个人业绩分析 support?
导购个人业绩分析 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created 导购个人业绩分析?
It is built and maintained by Xtechmerge.AI (@gwyang7); the current version is v1.0.0.
More Skills