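PDCA+ISO9001 Quality Management
Author: yongjie666888 · v1.0.0 · MIT-0
Total downloads: 92 · Favorites: 0 · Current installs: 0 · Versions: 1
Install in OpenClaw
/install quality-management-pdca
Description
PDCA+ISO9001 quality management decision system skill: an AI decision quality control skill based on the PDCA cycle and the ISO9001 quality system, providing full task lifecycle management, standardized processes, and continuous improvement.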
Security usage recommendations
This skill appears coherent with its stated PDCA/ISO9001 purpose, but you should not install it blindly. Before deploying:
1) Inspect scripts/utils.py and any truncated/omitted files to see what send_notification, auto-learning, and any networking functions do and whether they contact external endpoints or expect credentials.
2) Search for any hard‑coded URLs, API keys, or calls to requests/urllib/subprocess that could exfiltrate data.
3) Run the skill in an isolated sandbox or VM and monitor outbound network traffic and filesystem writes (data/, knowledge_base/, reports/).
4) If integrating with real communication channels (webchat, LCM), ensure you provide explicit, least-privilege credentials and understand where data will be sent.
5) If you lack the ability to review the omitted utility code, treat the skill as untrusted and avoid running it on sensitive systems or with administrative privileges.
Functional analysis
Type: OpenClaw Skill
Name: quality-management-pdca
Version: 1.0.0
The skill bundle implements a comprehensive quality management system based on PDCA and ISO9001 principles. However, it contains a critical security vulnerability in `scripts/knowledge_manager.py`, where the `eval()` function is used to evaluate rule conditions. This poses a significant risk of Remote Code Execution (RCE) if an attacker can inject malicious strings into the rule library (e.g., through the 'auto-learning' feature that extracts rules from project data). While the code appears aligned with its stated purpose and lacks clear evidence of intentional malice or data exfiltration, the use of `eval()` on potentially untrusted data is a high-risk implementation flaw.
Capability assessment
Purpose & Capability
Name/description (PDCA + ISO9001 quality management) align with the included Python scripts (pdca_engine, decision_checker, iso9001_validator, knowledge_manager, report_generator). Required binary is only python which is proportionate.
Instruction Scope
SKILL.md instructs running local Python scripts to init projects, run plan/do/check/act, validate decisions, and generate reports — these are within the stated purpose. However the runtime docs and code reference features that go beyond simple local checks (notifications, auto-learning, self‑improving/LCM integration, 'sub-agent dispatch', scheduled tasks). The SKILL.md commands themselves do not show accessing unrelated system paths or secrets, but several utility calls (e.g., send_notification, ensure_dir, auto-update templates, auto-learning) could perform network I/O or call external services — the SKILL.md does not explain where those endpoints are or what credentials (if any) are used.
Install Mechanism
No install spec; instruction-only with accompanying Python code. Nothing in the manifest downloads or extracts external artifacts. This is lower install risk, but note that included code will be written to disk when the skill is installed.
Credentials
The skill declares no required environment variables or credentials, yet config.json and docs mention 'notification_channels': ['webchat'], 'LCM记忆系统对接' (LCM memory system integration), '子代理调度' (sub-agent dispatch), and '定时任务引擎' (scheduled task engine): integrations that normally require endpoints and credentials. The absence of declared API keys or config paths is unexplained: either the integration is local-only (fine) or credentials/endpoints are hard-coded / loaded from elsewhere (risk). Review utils.py and any omitted files to confirm whether network endpoints or secrets are referenced.
Persistence & Privilege
always:false (normal). The code persists data to local directories (data/, knowledge_base/, reports/), which is expected for a knowledge/PDCA system. That file-writing is legitimate for this purpose but means the skill will store potentially sensitive project/decision data on disk — ensure it runs with least privilege and in an appropriate directory.
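How to use
- Make sure OpenClaw is installed (local or Docker deployment).
- Enter the install command in the chat box: /install quality-management-pdca
- After installation, call the Skill by name or use /quality-management-pdca to trigger it.
- Provide the required input according to the Skill's parameter description to get structured output.
Version history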
v1.0.0
Initial release of quality-management-pdca v1.0.0:
- Introduces a comprehensive quality management decision system based on the PDCA cycle and ISO9001 standards.
- Supports full lifecycle quality control, standardized processes, and continuous improvement.
- Features four core modules: PDCA engine, ISO9001 integration, decision quality validation, and knowledge management.
- Provides detailed stage-based functionalities including planning, execution, checking, and acting.
- Includes auto-checking, risk evaluation, report generation, and experience library features.
- Offers flexible configuration and template support for diverse quality management scenarios.
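FAQ
What is PDCA+ISO9001 Quality Management?
PDCA+ISO9001 quality management decision system skill: an AI decision quality control skill based on the PDCA cycle and the ISO9001 quality system, providing full task lifecycle management, standardized processes, and continuous improvement. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 92 cumulative downloads to date.
How do I install PDCA+ISO9001 Quality Management?
Run the command "/install quality-management-pdca" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.
Is PDCA+ISO9001 Quality Management free?
Yes. PDCA+ISO9001 Quality Management is completely free, released under the MIT-0 license, and can be freely downloaded, installed, and used.
Which platforms does PDCA+ISO9001 Quality Management support?
PDCA+ISO9001 Quality Management runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed PDCA+ISO9001 Quality Management?
It is developed and maintained by yongjie666888 (@yongjie666888); the current version is v1.0.0.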