← Back to Skills Marketplace
R ggplot Quickplot
by
kenthompson2088
· GitHub ↗
· v3.1.0
· MIT-0
166
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install r-ggplot-quickplot
Description
上传 CSV 数据文件,自动生成 9 种常用 ggplot2 图表(散点图、柱状图、箱线图、折线图、直方图、分面图等)。零代码可视化,支持 Docker/Singularity 免安装运行。
Usage Guidance
Key things to consider before installing or running this skill:
- Do not run the build/run scripts blindly. The package references run_plot.R, Dockerfile, and Singularity.def, but those files are missing from the manifest — the tool cannot run as advertised until you obtain or inspect run_plot.R and the image definitions.
- If you plan to build or run the Docker/Singularity modes, review the Dockerfile / Singularity.def and the R script (run_plot.R) first to ensure they do not execute unexpected network calls, remote code, or read sensitive host files. The current scripts will mount/copy your input and output directories into containers, giving containerized code access to those files.
- Pushing images requires DOCKER_USERNAME (optional). Only set/publish to your own account after inspecting the image contents and ensuring no secrets are baked in.
- Because the source is marked 'unknown' and critical runtime files are absent, consider contacting the author or using a trusted fork. If you need to test, run it in a contained environment (throwaway VM or sandbox) and with non-sensitive sample data until you have inspected run_plot.R and any image build files.
- If you want a go/no-go decision: this package is suspicious (incoherent packaging). It could be an incomplete upload rather than malicious, but you should obtain the missing files and review them before use.
Capability Analysis
Type: OpenClaw Skill
Name: r-ggplot-quickplot
Version: 3.1.0
The skill bundle contains shell scripts (run_docker.sh, run_singularity.sh, and run.sh) that are vulnerable to shell injection because they do not sanitize the input file path argument before using it in command substitutions and path evaluations. Additionally, the scripts automatically invoke 'install.packages' in R, which presents a supply chain risk by executing code from external repositories during setup. While these appear to be unintentional security flaws rather than intentional malware, they constitute high-risk behaviors in an automated agent environment.
Capability Assessment
Purpose & Capability
The name/description (CSV -> 9 ggplot2 charts, Docker/Singularity support) is consistent with the presence of config, sample data, and build/run scripts. However the package is missing key runtime/build artifacts referenced by the docs: run_plot.R (the R script the wrappers call) is not present in the manifest, and the SKILL.md metadata references a Dockerfile and Singularity.def that are not included. Additionally, two SKILL.md variants declare different required binaries (one lists docker, another lists Rscript), which is an incoherence between declared requirements and runtime files.
Instruction Scope
The included shell scripts (run.sh, run_docker.sh, run_singularity.sh, build_*.sh) operate only on local input/output paths, check for docker/singularity/R, and optionally build/push images. They do not attempt to read unrelated system files or leak data to remote endpoints. Note: build_docker.sh can push images to Docker Hub when DOCKER_USERNAME is set; run_docker.sh copies and mounts local input/output into containers — expected behavior but you should be aware this gives the container access to those host paths.
Install Mechanism
There is no formal install spec (instruction-only). That is low risk normally, but here it's inconsistent with the declared 'docker' build metadata because the repository does not include the referenced Dockerfile or Singularity.def, so the provided build scripts cannot complete as-is. No remote downloads or obscure URLs are used in the included scripts (good), but the missing build/runtime files are a practical problem and an incoherence.
Credentials
No required environment variables or credentials are declared. Scripts optionally use DOCKER_USERNAME / DOCKER_IMAGE_NAME when pushing images; these are optional and proportional to the stated capability (publishing a Docker image). There are no requests for unrelated secrets or config paths.
Persistence & Privilege
The skill does not request permanent/automatic inclusion (always:false) and does not modify other skills or system-wide configs. Execution involves running containers or R scripts and creating output files in local directories — expected for this use case.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install r-ggplot-quickplot - After installation, invoke the skill by name or use
/r-ggplot-quickplot - Provide required inputs per the skill's parameter spec and get structured output
Version History
v3.1.0
优化图表检测逻辑,支持任意列名的CSV数据;改进通用数据兼容性
v3.0.0
支持 Docker 和 Singularity 镜像,零代码可视化
v2.0.0
初始版本 - 支持自动检测数据列并生成9种图表
Metadata
Frequently Asked Questions
What is R ggplot Quickplot?
上传 CSV 数据文件,自动生成 9 种常用 ggplot2 图表(散点图、柱状图、箱线图、折线图、直方图、分面图等)。零代码可视化,支持 Docker/Singularity 免安装运行。 It is an AI Agent Skill for Claude Code / OpenClaw, with 166 downloads so far.
How do I install R ggplot Quickplot?
Run "/install r-ggplot-quickplot" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is R ggplot Quickplot free?
Yes, R ggplot Quickplot is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does R ggplot Quickplot support?
R ggplot Quickplot is cross-platform and runs anywhere OpenClaw / Claude Code is available (linux, darwin, win32).
Who created R ggplot Quickplot?
It is built and maintained by kenthompson2088 (@kenthompson2088); the current version is v3.1.0.
More Skills