← 返回 Skills 市场
133
总下载
0
收藏
1
当前安装
3
版本数
在 OpenClaw 中安装
/install officecli-xlsx
功能描述
Use this skill any time a .xlsx file is involved -- as input, output, or both. This includes: creating spreadsheets, financial models, dashboards, or tracker...
安全使用建议
This skill appears to do what it says (xlsx editing) but instructs the agent to download-and-run an installer from a remote GitHub URL — a risky supply-chain action. Before installing or allowing autonomous use: 1) Inspect the installer script at https://raw.githubusercontent.com/iOfficeAI/OfficeCli/main/install.sh manually (do not run it blind). 2) Prefer an install method with signed releases or checksums (GitHub releases with checksums) or use a vetted package from your OS package manager. 3) If you must run the installer, test in an isolated environment (VM/container) and audit network calls it makes. 4) Consider disabling autonomous invocation for this skill until you trust the upstream repo, or run officecli yourself and keep the agent blocked from performing installs. 5) If you rely on this skill in production, request provenance (who maintains iOfficeAI/OfficeCli), release signatures, and an explicit install spec in the registry.
功能分析
Type: OpenClaw Skill
Name: officecli-xlsx
Version: 1.0.2
The skill bundle contains instructions in SKILL.md that direct the AI agent to automatically download and execute a shell script from an external GitHub repository (github.com/iOfficeAI/OfficeCli) using the 'curl | bash' pattern every time the skill is invoked. While this is framed as a necessary installation and update check for the 'officecli' tool, it introduces a significant supply-chain risk and a Remote Code Execution (RCE) vector by executing unverified remote code in the agent's environment. Without evidence of a malicious payload in the installer itself, this behavior is classified as high-risk/suspicious rather than explicitly malicious.
能力评估
Purpose & Capability
Name/description align with the CLI usage shown: all commands operate on .xlsx workbooks and related artifacts. However, the package metadata contains no install specification even though the runtime instructions mandate installing a third-party 'officecli' binary — that mismatch (instructions expect a network-installed binary not declared in the registry metadata) is noteworthy.
Instruction Scope
SKILL.md tells the agent to run shell commands that download and execute a remote install script (curl | bash) and to call GitHub APIs. It also exposes a 'raw-set' XML escape hatch that allows arbitrary XML modifications. These are within spreadsheet manipulation functionally, but downloading/executing remote scripts and providing a raw XML write path significantly expands what the agent will do beyond simple file parsing/editing and could be abused to run arbitrary code or alter system state.
Install Mechanism
No formal install spec is registered, yet the instructions require fetching https://raw.githubusercontent.com/iOfficeAI/OfficeCli/main/install.sh and executing it. This is a high-risk pattern (remote script download-and-execute) because the script's contents are not provided, there's no checksum/signature, and the source 'iOfficeAI/OfficeCli' is not verified in the registry metadata.
Credentials
The skill does not request environment variables, credentials, or config paths. All declared operations relate to spreadsheet files and local CLI commands, so requested secrets/access are proportional to the stated purpose.
Persistence & Privilege
always:false and no system-level modifications are declared. However, the agent is allowed to invoke the skill autonomously (default) and the instructions include installing/upgrading a CLI from the network — combining autonomous invocation with automatic remote installer execution increases blast radius if the installer or upstream repo is compromised.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install officecli-xlsx - 安装完成后,直接呼叫该 Skill 的名称或使用
/officecli-xlsx触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
- Added detailed documentation files: creating.md (for creating spreadsheets) and editing.md (for editing existing workbooks).
- Quick Reference section now links directly to these new guides for easier access to task-specific instructions.
v1.0.1
- Removed the editing.md and creating.md quick-reference files.
- References to these removed files remain in the main documentation.
v1.0.0
Initial release of the officecli-xlsx skill for Excel and .xlsx file operations.
- Enables reading, parsing, and extracting data from .xlsx files using officecli commands.
- Supports creating spreadsheets, financial models, dashboards, and trackers.
- Includes commands for editing or updating existing workbooks, and handling formulas, charts, pivot tables, and templates.
- Provides CSV/TSV to Excel import capability.
- Comprehensive quick reference with usage examples and professional spreadsheet best practices.
元数据
常见问题
officecli-xlsx 是什么?
Use this skill any time a .xlsx file is involved -- as input, output, or both. This includes: creating spreadsheets, financial models, dashboards, or tracker... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 133 次。
如何安装 officecli-xlsx?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install officecli-xlsx」即可一键安装,无需额外配置。
officecli-xlsx 是免费的吗?
是的,officecli-xlsx 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
officecli-xlsx 支持哪些平台?
officecli-xlsx 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 officecli-xlsx?
由 瓦砾(@iceyliu)开发并维护,当前版本 v1.0.2。
推荐 Skills