← 返回 Skills 市场
MLOps Industrialization
作者
Guohongbin
· GitHub ↗
· v1.0.0
635
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install mlops-industrialization-cn
功能描述
Transform prototypes into distributable Python packages
安全使用建议
This skill appears to do exactly what it says: create a three-layer Python package layout. Before running the script, review and run it in a safe/empty directory (or container) because it will create files and directories in your working tree. Avoid passing package names containing path traversal sequences (e.g., '..' or leading slashes) — the script only replaces '-' with '_' and does not sanitize other characters. Expect to install runtime dependencies yourself (pandas, pydantic, parquet engine like pyarrow) and note the small bug in application/train.py (config.model_dump() passed into transform_features) which you may need to fix. If you want additional safety, run the script in a disposable environment or inspect/modify it to validate/sanitize the PACKAGE_NAME before use.
功能分析
Type: OpenClaw Skill
Name: mlops-industrialization-cn
Version: 1.0.0
The skill bundle's primary purpose is benign, generating a Python package structure. However, the `scripts/create-package.sh` file contains a shell injection vulnerability. The script uses the user-provided `PACKAGE_NAME` argument directly in `mkdir` commands without proper sanitization. This allows an attacker to inject arbitrary shell commands by crafting a malicious package name (e.g., `my_package; rm -rf /`), leading to potential Remote Code Execution (RCE) if the OpenClaw agent or user provides unsanitized input.
能力评估
Purpose & Capability
The name/description (turn prototypes into distributable Python packages) matches the provided artifacts: a SKILL.md describing a package generator and a shell script that creates a src/ package layout. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
SKILL.md instructs running ./scripts/create-package.sh which writes files into the workspace — this is expected. However the script does not sufficiently sanitize the user-supplied package name: PACKAGE_DIR is derived only by replacing '-' with '_' so values containing '..' or other path components can create directories outside the intended folder (src/../...). Also train.py contains a likely bug (calls config.model_dump() where transform_features expects a config dict) which could cause runtime errors. There are no instructions to read secrets or send data externally.
Install Mechanism
No install spec; the skill is instruction-only with a small helper script. Nothing is downloaded or extracted from external URLs.
Credentials
The skill requests no environment variables, credentials, or config paths. The code uses standard libraries and common Python packages (pandas, pydantic) but does not require secrets or network credentials.
Persistence & Privilege
The skill does not request persistent/always-on privileges (always: false) and does not attempt to modify other skills or system-wide configuration. It writes files only when its script is executed.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install mlops-industrialization-cn - 安装完成后,直接呼叫该 Skill 的名称或使用
/mlops-industrialization-cn触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Claude→OpenClaw conversion. Features: package generator, src layout
元数据
常见问题
MLOps Industrialization 是什么?
Transform prototypes into distributable Python packages. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 635 次。
如何安装 MLOps Industrialization?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install mlops-industrialization-cn」即可一键安装,无需额外配置。
MLOps Industrialization 是免费的吗?
是的,MLOps Industrialization 完全免费(开源免费),可自由下载、安装和使用。
MLOps Industrialization 支持哪些平台?
MLOps Industrialization 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 MLOps Industrialization?
由 Guohongbin(@guohongbin-git)开发并维护,当前版本 v1.0.0。
推荐 Skills