← Back to Skills Marketplace
80
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install survey-workflow
Description
组织健康度与员工敬业度调研全流程管理 Agent。功能包括:①员工名单批量导入问卷系统;②追加人员(增量导入);③发送调研通知(支持自定义通知模板);④追踪填答状态;⑤截止前自动催办;⑥拉取答卷数据(API直连);⑦计算本批次基准均值;⑧按模板生成部门/集团诊断报告。问卷包含麦肯锡组织健康度37题(10维度)+...
Usage Guidance
This skill appears to be a legitimate survey workflow integration, but it expects gateway credentials and will process employee identifiers and submission data. Before installing: 1) Confirm the API endpoints belong to your organization (production domains shown are org-specific). 2) Do not provide a high-privilege org-wide appKey or long-lived access-token; instead create a scoped service account / token that only permits the needed operations (import targets, sendNotify, list submissions, pressure) and can be revoked. 3) Update the skill manifest to declare required env vars (e.g., APP_KEY, ACCESS_TOKEN) so the platform can surface and control secrets. 4) Test against the provided test environment before hitting production. 5) Decide and document where local archives (input/notification_records.json) are stored and who can read them; avoid storing tokens in plaintext. 6) Audit usage: monitor notification and pressure endpoints carefully (pressureNotify is a GET that triggers side effects) to avoid accidental spam or unauthorized notifications. If you cannot supply minimal, scoped credentials or cannot verify the service domains, treat this skill as not ready for deployment.
Capability Analysis
Type: OpenClaw Skill
Name: survey-workflow
Version: 1.0.0
The survey-workflow skill bundle manages employee engagement surveys by executing local Python scripts and interacting with external APIs (mediportal.com.cn and xgjktech.com.cn). While its behavior is aligned with the stated purpose, it possesses high-risk capabilities including the handling of sensitive employee PII (IDs and names), network access for data exfiltration to external endpoints, and the execution of shell commands for report generation. Under the provided criteria, these risky capabilities are considered suspicious even if plausibly needed for the workflow, as they represent a significant attack surface without further sandboxing of the scripts (e.g., generate_dept_reports_v4.py) and API interactions.
Capability Tags
Capability Assessment
Purpose & Capability
Name/description (全流程问卷管理:导入名单、发通知、催办、拉取答卷、统计与报告) align with the documented APIs and the SKILL.md; the endpoints and flows shown are coherent for a survey workflow agent.
Instruction Scope
The SKILL.md explicitly instructs calling gateway APIs that require an appKey or access-token header and to import/handle employeeId lists and submission details (sensitive PII). It also recommends archiving notification records to a local path (input/notification_records.json). The document references both test and production endpoints and instructs operations that cause side effects (sendNotify, pressureNotify). These runtime actions are within purpose but involve sensitive data, external network calls, and side-effecting endpoints that should be explicitly authorized and declared.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest install risk. Nothing will be written to disk by an installer; runtime network calls are the main surface.
Credentials
The SKILL.md requires authentication headers (appKey and/or access-token) for the API gateway, but the skill manifest declares no required environment variables or primary credential. This is an important mismatch: the agent will need credentials (gateway appKey, access-token or similar) and likely identity context for import operations, yet no credentials are requested or scoped in the metadata. The skill will handle employee IDs and submission data (sensitive), so missing credential declaration and lack of least-privilege guidance is a proportionality concern.
Persistence & Privilege
always is false and there's no instruction that the skill will enable itself or change other skills. The only persistence note is an advisory to archive notification records to a local path; that is operational guidance, not an elevated privilege request. Autonomous invocation is allowed (platform default) but not combined with always:true or broad undeclared credentials.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install survey-workflow - After installation, invoke the skill by name or use
/survey-workflow - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
初始版本
Metadata
Frequently Asked Questions
What is survey-workflow?
组织健康度与员工敬业度调研全流程管理 Agent。功能包括:①员工名单批量导入问卷系统;②追加人员(增量导入);③发送调研通知(支持自定义通知模板);④追踪填答状态;⑤截止前自动催办;⑥拉取答卷数据(API直连);⑦计算本批次基准均值;⑧按模板生成部门/集团诊断报告。问卷包含麦肯锡组织健康度37题(10维度)+... It is an AI Agent Skill for Claude Code / OpenClaw, with 80 downloads so far.
How do I install survey-workflow?
Run "/install survey-workflow" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is survey-workflow free?
Yes, survey-workflow is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does survey-workflow support?
survey-workflow is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created survey-workflow?
It is built and maintained by spzwin (@spzwin); the current version is v1.0.0.
More Skills