PDCA+ISO9001 Quality Management
by yongjie666888 · v1.0.0 · MIT-0
Downloads: 92 · Stars: 0 · Active Installs: 0 · Versions: 1
Install in OpenClaw
/install quality-management-pdca
Description
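PDCA+ISO9001 quality management decision system skill - an AI decision quality control skill based on the PDCA cycle and the ISO9001 quality system, providing full task lifecycle management, standardized processes, and continuous improvement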
Usage Guidance
This skill appears coherent with its stated PDCA/ISO9001 purpose, but you should not install it blindly. Before deploying:
1) Inspect scripts/utils.py and any truncated/omitted files to see what send_notification, auto-learning, and any networking functions do and whether they contact external endpoints or expect credentials.
2) Search for any hard-coded URLs, API keys, or calls to requests/urllib/subprocess that could exfiltrate data.
3) Run the skill in an isolated sandbox or VM and monitor outbound network traffic and filesystem writes (data/, knowledge_base/, reports/).
4) If integrating with real communication channels (webchat, LCM), ensure you provide explicit, least-privilege credentials and understand where data will be sent.
5) If you lack the ability to review the omitted utility code, treat the skill as untrusted and avoid running it on sensitive systems or with administrative privileges.
Capability Analysis
Type: OpenClaw Skill
Name: quality-management-pdca
Version: 1.0.0
The skill bundle implements a comprehensive quality management system based on PDCA and ISO9001 principles. However, it contains a critical security vulnerability in `scripts/knowledge_manager.py`, where the `eval()` function is used to evaluate rule conditions. This poses a significant risk of Remote Code Execution (RCE) if an attacker can inject malicious strings into the rule library (e.g., through the 'auto-learning' feature that extracts rules from project data). While the code appears aligned with its stated purpose and lacks clear evidence of intentional malice or data exfiltration, the use of `eval()` on potentially untrusted data is a high-risk implementation flaw.
Capability Assessment
Purpose & Capability
Name/description (PDCA + ISO9001 quality management) align with the included Python scripts (pdca_engine, decision_checker, iso9001_validator, knowledge_manager, report_generator). The only required binary is python, which is proportionate.
Instruction Scope
SKILL.md instructs running local Python scripts to init projects, run plan/do/check/act, validate decisions, and generate reports — these are within the stated purpose. However the runtime docs and code reference features that go beyond simple local checks (notifications, auto-learning, self‑improving/LCM integration, 'sub-agent dispatch', scheduled tasks). The SKILL.md commands themselves do not show accessing unrelated system paths or secrets, but several utility calls (e.g., send_notification, ensure_dir, auto-update templates, auto-learning) could perform network I/O or call external services — the SKILL.md does not explain where those endpoints are or what credentials (if any) are used.
Install Mechanism
No install spec; instruction-only with accompanying Python code. Nothing in the manifest downloads or extracts external artifacts. This is lower install risk, but note that included code will be written to disk when the skill is installed.
Credentials
The skill declares no required environment variables or credentials, yet config.json and docs mention 'notification_channels': ['webchat'], 'LCM记忆系统对接' (LCM memory system integration), '子代理调度' (sub-agent dispatch), and '定时任务引擎' (scheduled task engine): integrations that normally require endpoints and credentials. The absence of declared API keys or config paths is unexplained: either the integration is local-only (fine) or credentials/endpoints are hard-coded / loaded from elsewhere (risk). Review utils.py and any omitted files to confirm whether network endpoints or secrets are referenced.
Persistence & Privilege
always:false (normal). The code persists data to local directories (data/, knowledge_base/, reports/), which is expected for a knowledge/PDCA system. That file-writing is legitimate for this purpose but means the skill will store potentially sensitive project/decision data on disk — ensure it runs with least privilege and in an appropriate directory.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install quality-management-pdca
- After installation, invoke the skill by name or use /quality-management-pdca
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of quality-management-pdca v1.0.0:
- Introduces a comprehensive quality management decision system based on the PDCA cycle and ISO9001 standards.
- Supports full lifecycle quality control, standardized processes, and continuous improvement.
- Features four core modules: PDCA engine, ISO9001 integration, decision quality validation, and knowledge management.
- Provides detailed stage-based functionalities including planning, execution, checking, and acting.
- Includes auto-checking, risk evaluation, report generation, and experience library features.
- Offers flexible configuration and template support for diverse quality management scenarios.
Frequently Asked Questions
What is PDCA+ISO9001 Quality Management?
PDCA+ISO9001 quality management decision system skill - an AI decision quality control skill based on the PDCA cycle and the ISO9001 quality system, providing full task lifecycle management, standardized processes, and continuous improvement. It is an AI Agent Skill for Claude Code / OpenClaw, with 92 downloads so far.
How do I install PDCA+ISO9001 Quality Management?
Run "/install quality-management-pdca" in the OpenClaw or Claude Code chat to install it in one step; no extra setup required.
Is PDCA+ISO9001 Quality Management free?
Yes, PDCA+ISO9001 Quality Management is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does PDCA+ISO9001 Quality Management support?
PDCA+ISO9001 Quality Management is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created PDCA+ISO9001 Quality Management?
It is built and maintained by yongjie666888 (@yongjie666888); the current version is v1.0.0.