← 返回 Skills 市场

Method Dev Agent

Name: Method Dev Agent
Author: teagec

作者 teagec · GitHub ↗ · v0.1.2

cross-platform ⚠ suspicious

429

总下载

当前安装

版本数

在 OpenClaw 中安装

/install method-dev-agent

功能描述

AI助手助力药品分析实验室高效管理色谱方法开发，支持实验记录、方法库、数据分析及AI优化建议。

安全使用建议

What to check before installing or running this skill: - Inspect SKILL.md and README for hidden characters (unicode control chars). Use a hex viewer or an editor that shows non-printable characters; remove or ask the author about any strange contents. - Confirm which 'AI' features are local rule-based vs. remote LLM calls. The repository's code implements a simple rule engine (utils.suggest_optimization); if you expect external LLM functionality, ask the author whether an API key is required and whether network calls are made. - Do NOT run publish.sh unless you intend to push commits and publish to ClawHub. That script will attempt git commits, git push and clawhub publish and will use your git/clawhub credentials and network access. - Run the code in an isolated environment (virtualenv/container) and review requirements.txt. Start the Streamlit app locally and confirm it only reads/writes to the project data/ directory. - If you will store sensitive or regulated lab data, verify data storage and backup policies and consider encrypting or using an approved LIMS. This tool writes a local SQLite DB and CSV exports by default—ensure that matches your compliance needs. - If you want higher confidence, run the unit tests (tests/test_basic.py) and scan the code for any unexpected network/socket usage. The included code does not show outbound network calls, but thorough vetting is recommended. If you'd like, I can (a) produce a small checklist of exact commands to safely inspect files for non-printable characters, (b) summarize which files perform filesystem or network operations, or (c) generate a short list of questions to ask the author about the advertised 'AI recommendation' paid feature.

功能分析

Type: OpenClaw Skill Name: method-dev-agent Version: 0.1.2 The skill contains a Local File Write (LFW) vulnerability in `src/utils.py::export_to_csv`. The `filename` parameter is used directly in `os.path.join` without sanitization, allowing for path traversal (e.g., `../../../../tmp/malicious.csv`). This could enable an attacker to write arbitrary files to arbitrary locations on the system where the process has write permissions, potentially leading to Remote Code Execution (RCE) if combined with other vulnerabilities. While this is a significant security flaw, it appears to be an unintentional vulnerability rather than clear evidence of malicious intent, classifying it as 'suspicious'.

能力评估

ℹ Purpose & Capability

The code (Streamlit UI, SQLite DB, utilities for chromatographic metrics and simple rule-based suggestions) matches the stated purpose of experiment records, method library, and analysis. Minor mismatch: SKILL.md quick-start shows 'streamlit run app.py' at the repo root while the application is located at src/app.py (README uses src/app.py). The SKILL.md advertises 'AI推荐' (AI recommendations, paid) — the included code implements a simple local rule engine (utils.suggest_optimization) rather than an LLM integration; that's plausible but should be made explicit to avoid expectation of an external AI service.

⚠ Instruction Scope

SKILL.md runtime instructions are minimal (pip install dependencies and run Streamlit locally) and consistent with a local app. However: (1) the repository includes a publish.sh that will attempt to commit, push to GitHub and call 'clawhub publish' — running that script will use your git/clawhub credentials and network, but SKILL.md doesn't warn about it; (2) the package contains many marketing drafts and a publish workflow which may encourage the user to run network/publishing steps; (3) a pre-scan found 'unicode-control-chars' in SKILL.md, which may indicate hidden control characters (possible prompt-injection attempt embedded in docs). The app code itself does not make outbound network calls or read arbitrary system files beyond writing to a local data directory.

✓ Install Mechanism

No install spec is declared (instruction-only), so nothing is automatically downloaded or written during 'installation'. Dependencies are standard Python libs listed in requirements.txt (streamlit, pandas, plotly, numpy, dateutil). This is low-risk compared with an arbitrary network download. The included publish script performs network operations only if explicitly executed.

✓ Credentials

The skill does not declare or require any environment variables or credentials. That aligns with the code which stores data in a local SQLite file under a data/ directory. One caveat: publish.sh expects git remote and ClawHub login (credentials), but these are developer convenience scripts and not required for the app to function; the skill does not request unrelated secrets.

✓ Persistence & Privilege

No elevated privileges are requested. The skill is not always-enabled. It persists data to a local SQLite DB in the project data/ folder and writes CSV exports under data/exports. That is proportionate to its purpose. There is no code that modifies other skills or system-wide agent settings.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install method-dev-agent
安装完成后，直接呼叫该 Skill 的名称或使用 /method-dev-agent 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v0.1.2

No functional or documentation changes were made in this version. - No file or content changes detected. - SKILL.md content remains unchanged.

v0.1.1

- Initial public release. - Provides AI-driven assistant for pharmaceutical analytical method development. - Features include intelligent experiment recording, method library, data analysis, and AI recommendations (Pro version). - Supports workflow optimization for HPLC/UPLC/GC laboratories with structured data management and visualization tools.

v0.1.0

Initial release of Method Dev Agent – 方法开发助手 - Provides AI-driven support for pharmaceutical analysis method development (HPLC/UPLC/GC). - Features include smart experiment recording, searchable method library, visual data analysis, and structured knowledge storage. - Supports experiment record management with detailed chromatographic parameters and sample information. - Offers method classification, rapid retrieval, and experiment outcome visualization. - Professional version adds AI-based recommendations, troubleshooting, and advanced data analysis. - Clear installation instructions, pricing tiers (Free, Professional, Enterprise), and contact information included.

元数据

Slug method-dev-agent

版本 0.1.2

许可证 —

累计安装 0

当前安装数 0

历史版本数 3

常见问题

Method Dev Agent 是什么？

AI助手助力药品分析实验室高效管理色谱方法开发，支持实验记录、方法库、数据分析及AI优化建议。它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 429 次。

如何安装 Method Dev Agent？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install method-dev-agent」即可一键安装，无需额外配置。

Method Dev Agent 是免费的吗？

是的，Method Dev Agent 完全免费（开源免费），可自由下载、安装和使用。

Method Dev Agent 支持哪些平台？

Method Dev Agent 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Method Dev Agent？

由 teagec（@teagec）开发并维护，当前版本 v0.1.2。