BOM Compare Tool
Author: yongjie666888 · v1.0.0 · MIT-0
Total downloads: 132 · Favorites: 0 · Current installs: 0 · Versions: 1
Install in OpenClaw
/install bom-compare-tool
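Description
BOM comparison tool | Compares two versions of a BOM and automatically identifies added, removed, and changed material items
Usage (SKILL.md)
BOM Comparison Tool
Compares two versions of a bill of materials (BOM) to quickly identify differences: added items, removed items, and items whose specification changed.
Use cases
- Comparing BOMs across a design change
- Checking a supplier's BOM
- Checking consistency between the purchasing BOM and the engineering BOM
- Analyzing changes in a version upgrade
Comparison results
| Difference type | Description |
|---|---|
| Added material | Present in the new version, absent from the old version |
| Removed material | Present in the old version, absent from the new version |
| Quantity change | Quantity changed for the same material |
| Specification change | Material model/specification changed |
| Unit price change | Price changed (requires price data) |
Output format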
BOM对比报告
━━━━━━━━━━━━━━
旧版:BOM-V1.0(2026-01-15)
新版:BOM-V2.0(2026-03-10)
━━━━━━━━━━━━━━
新增物料(3项):
✅ 磁钢-N52H-20x10x3mm(新增)
✅ 轴承-6205-2Z-C3(新增)
删除物料(1项):
❌ 垫圈-M5-不锈钢(删除)
数量变更(2项):
📝 漆包线-0.5mm:旧50kg → 新55kg(+10%)
📝 轴承-6204:旧2个 → 新4个(+100%)
规格变更(1项):
⚠️ 铝合金壳体:旧6061-T6 → 新6063-T5
━━━━━━━━━━━━━━
总物料项:旧45项 → 新47项(+2项)
预估成本变动:+¥1,200(+3.2%)
Security recommendations
This skill appears coherent and limited to comparing BOM files. Before installing/running: (1) ensure you run it where Node and the 'xlsx' npm package are installed (the skill does not provide an install step), (2) only provide BOM files you trust (the script reads arbitrary file paths you pass to it), and (3) if you need to run it in an automated agent, confirm the runtime has no network access or unnecessary privileges if you want to minimize risk. If you want higher assurance, review the compare.js source (already included) or run it in an isolated environment.
Functional analysis
Type: OpenClaw Skill
Name: bom-compare-tool
Version: 1.0.0
The skill implements file system access in `compare.js` using `fs.readFileSync` and `xlsx.readFile` to process BOM files, but it lacks any path sanitization or validation for the input file paths. This constitutes a potential path traversal vulnerability, as the tool will attempt to read any file path provided by the agent. While the behavior is aligned with the tool's stated purpose in `SKILL.md`, the lack of input sanitization on a risky capability (file access) meets the criteria for a suspicious classification.
Capability assessment
Purpose & Capability
The name/description (BOM comparison) align with the included code and SKILL.md. compare.js parses CSV/XLSX, builds indexes by part number, and reports added/removed/changed items — exactly what the skill claims. There are no unrelated credentials, binaries, or external services required by the described functionality.
Instruction Scope
SKILL.md stays on-topic (how to use the tool, expected output). The runtime code reads user-supplied file paths from disk (expected for a CLI tool). One minor scope note: SKILL.md and metadata do not mention the runtime dependency on the Node 'xlsx' package or Node itself, so the agent/user must ensure those are present; otherwise the script will fail.
Install Mechanism
There is no install spec (instruction-only), which reduces install risk. However, the code requires the npm module 'xlsx' (require('xlsx')) but the package/dependency is not declared or installed by the skill; this is a usability/packaging omission rather than a security issue.
Credentials
The skill requests no environment variables, credentials, or config paths. The code operates only on files provided by the user and does not access external endpoints, secrets, or unrelated system config.
Persistence & Privilege
The skill does not request persistent presence (always is false), does not modify other skills or system-wide settings, and does not persist credentials. It only reads input files and prints a report.
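How to use
- Make sure OpenClaw is installed (locally or deployed with Docker)
- Enter the install command in the chat box: /install bom-compare-tool
- After installation, call the Skill by name or trigger it with /bom-compare-tool
- Provide the required input according to the Skill's parameter description to get structured output
Version history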
v1.0.0
Initial release
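FAQ
What is BOM Compare Tool?
BOM comparison tool | Compares two versions of a BOM and automatically identifies added, removed, and changed material items. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 132 total downloads to date.
How do I install BOM Compare Tool?
Run the command "/install bom-compare-tool" in the OpenClaw or Claude Code chat box to install it in one step, with no additional configuration required.
Is BOM Compare Tool free?
Yes. BOM Compare Tool is completely free and is released under the MIT-0 license; it can be freely downloaded, installed, and used.
Which platforms does BOM Compare Tool support?
BOM Compare Tool is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed BOM Compare Tool?
It is developed and maintained by yongjie666888 (@yongjie666888); the current version is v1.0.0.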