← Back to Skills Marketplace
yongjie666888

BOM Compare Tool

by yongjie666888 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
132
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install bom-compare-tool
Description
BOM物料清单对比工具 | 对比两个版本的BOM差异,自动识别新增、删除、变更的物料项
README (SKILL.md)

BOM物料清单对比工具

对比两个版本的物料清单(BOM),快速识别差异:新增项、删除项、规格变更项。

适用场景

  • 设计变更BOM对比
  • 供应商BOM核对
  • 采购BOM与技术BOM一致性检查
  • 版本升级变更分析

对比结果

差异类型 说明
新增物料 新版有、旧版无
删除物料 旧版有、新版无
数量变更 同一物料数量变化
规格变更 物料型号/规格变化
单价变更 价格变动(需提供价格)

输出格式

BOM对比报告
━━━━━━━━━━━━━━
旧版:BOM-V1.0(2026-01-15)
新版:BOM-V2.0(2026-03-10)
━━━━━━━━━━━━━━

新增物料(3项):
  ✅ 磁钢-N52H-20x10x3mm(新增)
  ✅ 轴承-6205-2Z-C3(新增)

删除物料(1项):
  ❌ 垫圈-M5-不锈钢(删除)

数量变更(2项):
  📝 漆包线-0.5mm:旧50kg → 新55kg(+10%)
  📝 轴承-6204:旧2个 → 新4个(+100%)

规格变更(1项):
  ⚠️ 铝合金壳体:旧6061-T6 → 新6063-T5

━━━━━━━━━━━━━━
总物料项:旧45项 → 新47项(+2项)
预估成本变动:+¥1,200(+3.2%)
Usage Guidance
This skill appears coherent and limited to comparing BOM files. Before installing/running: (1) ensure you run it where Node and the 'xlsx' npm package are installed (the skill does not provide an install step), (2) only provide BOM files you trust (the script reads arbitrary file paths you pass to it), and (3) if you need to run it in an automated agent, confirm the runtime has no network access or unnecessary privileges if you want to minimize risk. If you want higher assurance, review the compare.js source (already included) or run it in an isolated environment.
Capability Analysis
Type: OpenClaw Skill Name: bom-compare-tool Version: 1.0.0 The skill implements file system access in `compare.js` using `fs.readFileSync` and `xlsx.readFile` to process BOM files, but it lacks any path sanitization or validation for the input file paths. This constitutes a potential path traversal vulnerability, as the tool will attempt to read any file path provided by the agent. While the behavior is aligned with the tool's stated purpose in `SKILL.md`, the lack of input sanitization on a risky capability (file access) meets the criteria for a suspicious classification.
Capability Assessment
Purpose & Capability
The name/description (BOM comparison) align with the included code and SKILL.md. compare.js parses CSV/XLSX, builds indexes by part number, and reports added/removed/changed items — exactly what the skill claims. There are no unrelated credentials, binaries, or external services required by the described functionality.
Instruction Scope
SKILL.md stays on-topic (how to use the tool, expected output). The runtime code reads user-supplied file paths from disk (expected for a CLI tool). One minor scope note: SKILL.md and metadata do not mention the runtime dependency on the Node 'xlsx' package or Node itself, so the agent/user must ensure those are present; otherwise the script will fail.
Install Mechanism
There is no install spec (instruction-only), which reduces install risk. However, the code requires the npm module 'xlsx' (require('xlsx')) but the package/dependency is not declared or installed by the skill; this is a usability/packaging omission rather than a security issue.
Credentials
The skill requests no environment variables, credentials, or config paths. The code operates only on files provided by the user and does not access external endpoints, secrets, or unrelated system config.
Persistence & Privilege
The skill does not request persistent presence (always is false), does not modify other skills or system-wide settings, and does not persist credentials. It only reads input files and prints a report.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install bom-compare-tool
  3. After installation, invoke the skill by name or use /bom-compare-tool
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release
Metadata
Slug bom-compare-tool
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is BOM Compare Tool?

BOM物料清单对比工具 | 对比两个版本的BOM差异,自动识别新增、删除、变更的物料项. It is an AI Agent Skill for Claude Code / OpenClaw, with 132 downloads so far.

How do I install BOM Compare Tool?

Run "/install bom-compare-tool" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is BOM Compare Tool free?

Yes, BOM Compare Tool is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does BOM Compare Tool support?

BOM Compare Tool is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created BOM Compare Tool?

It is built and maintained by yongjie666888 (@yongjie666888); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments