← 返回 Skills 市场

Business Rule Engine

Name: Business Rule Engine
Author: kaiyuelv

作者 Lv Lancer · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install business-rule-engine

功能描述

轻量级业务规则引擎，支持规则定义、规则执行、规则链编排和动态规则加载。 Lightweight business rule engine supporting rule definition, execution, chain orchestration and dynamic rule loading.

使用说明 (SKILL.md)

Business Rule Engine | 业务规则引擎

灵活的业务规则管理解决方案，支持复杂的业务逻辑编排和执行。

A flexible business rule management solution supporting complex business logic orchestration and execution.

核心功能 | Core Features

📋 规则定义 | Rule Definition - 声明式规则定义语法
⚡ 规则执行 | Rule Execution - 高性能规则执行引擎
🔗 规则链 | Rule Chain - 支持规则链编排
🔄 动态加载 | Dynamic Loading - 运行时动态加载规则
📊 规则评估 | Rule Evaluation - 条件表达式和动作执行
🧩 可扩展 | Extensible - 插件式规则扩展

快速开始 | Quick Start

Python API

from business_rule_engine import RuleEngine, Rule

# 创建规则引擎 | Create rule engine
engine = RuleEngine()

# 定义规则 | Define rule
rule = Rule(
    name="discount_rule",
    condition="order_amount > 100 and vip_level >= 2",
    action={"type": "apply_discount", "value": 0.9}
)

# 添加规则 | Add rule
engine.add_rule(rule)

# 执行规则 | Execute rule
result = engine.evaluate({
    "order_amount": 200,
    "vip_level": 3
})

测试 | Tests

python -m pytest tests/ -v

安全使用建议

This package appears coherent and implements the claimed business rule engine. The main security consideration is that ExpressionEvaluator uses eval() on expressions assembled from rule text and substituted variables — this is expected for a rule engine but is unsafe if rule text or the evaluation context can be provided by untrusted users. Before using in production: (1) ensure rules and context come from trusted sources or sandbox/evaluate in a restricted environment; (2) run the included unit tests (pytest) to validate behavior; (3) review the remaining (truncated) portions of scripts/rule_engine.py for any file, network, or subprocess usage (none were evident in the visible parts); and (4) consider replacing eval-based evaluation with a safe expression parser (ast parsing, boolean-expression library, or dedicated expression evaluator) if you need to accept rules from untrusted users. If you want, I can scan the remaining truncated sections for any hidden I/O, network calls, or other risks.

功能分析

Type: OpenClaw Skill Name: business-rule-engine Version: 1.0.0 The skill bundle implements a business rule engine that contains a critical security vulnerability in `scripts/rule_engine.py`. The `ExpressionEvaluator` class uses Python's `eval()` function to process rule conditions, which allows for arbitrary code execution if rule definitions are sourced from untrusted input. While the implementation attempts to restrict the environment by clearing `__builtins__`, this is a notoriously weak sandbox that can be bypassed. No evidence of intentional malice or data exfiltration was found, but the use of `eval()` for expression parsing without a robust AST-based evaluator is a high-risk practice.

能力评估

✓ Purpose & Capability

Name/description match the provided code, examples, and unit tests. The files implement a rule engine, DSL parsing, rule chains and JSON loading — all consistent with the declared purpose. There are no declared env vars, binaries, or unrelated dependencies.

ℹ Instruction Scope

SKILL.md only documents usage, tests, and examples for the rule engine — it does not instruct the agent to read unrelated files, access environment variables, or send data externally. However, the runtime code (ExpressionEvaluator) constructs and eval()s expressions derived from rule text/variables; that is intrinsic to the product but becomes unsafe if rules or contexts come from untrusted sources.

✓ Install Mechanism

No install specification is provided (instruction-only metadata), and requirements.txt only lists pytest/test tooling. Nothing is downloaded or written by an installer in the metadata provided.

✓ Credentials

The skill requests no environment variables, credentials, or config paths. The code operates on in-memory structures and JSON strings only; there are no surprising secret requests or external service credentials.

✓ Persistence & Privilege

The skill does not request persistent or elevated platform privileges. always is false and there is no install script or behavior that modifies agent/system configuration or other skills.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install business-rule-engine
安装完成后，直接呼叫该 Skill 的名称或使用 /business-rule-engine 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release of the business-rule-engine skill. - Provides a lightweight, flexible business rule engine. - Supports rule definition, execution, rule chain orchestration, and dynamic rule loading. - Includes extensible plugin architecture and condition/action-based rule evaluation. - Python API for defining, adding, and evaluating business rules. - Quick start guide and test instructions included.

元数据

Slug business-rule-engine

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题