← 返回 Skills 市场
R ggplot Quickplot
作者
kenthompson2088
· GitHub ↗
· v3.1.0
· MIT-0
166
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install r-ggplot-quickplot
功能描述
上传 CSV 数据文件,自动生成 9 种常用 ggplot2 图表(散点图、柱状图、箱线图、折线图、直方图、分面图等)。零代码可视化,支持 Docker/Singularity 免安装运行。
安全使用建议
Key things to consider before installing or running this skill:
- Do not run the build/run scripts blindly. The package references run_plot.R, Dockerfile, and Singularity.def, but those files are missing from the manifest — the tool cannot run as advertised until you obtain or inspect run_plot.R and the image definitions.
- If you plan to build or run the Docker/Singularity modes, review the Dockerfile / Singularity.def and the R script (run_plot.R) first to ensure they do not execute unexpected network calls, remote code, or read sensitive host files. The current scripts will mount/copy your input and output directories into containers, giving containerized code access to those files.
- Pushing images requires DOCKER_USERNAME (optional). Only set/publish to your own account after inspecting the image contents and ensuring no secrets are baked in.
- Because the source is marked 'unknown' and critical runtime files are absent, consider contacting the author or using a trusted fork. If you need to test, run it in a contained environment (throwaway VM or sandbox) and with non-sensitive sample data until you have inspected run_plot.R and any image build files.
- If you want a go/no-go decision: this package is suspicious (incoherent packaging). It could be an incomplete upload rather than malicious, but you should obtain the missing files and review them before use.
功能分析
Type: OpenClaw Skill
Name: r-ggplot-quickplot
Version: 3.1.0
The skill bundle contains shell scripts (run_docker.sh, run_singularity.sh, and run.sh) that are vulnerable to shell injection because they do not sanitize the input file path argument before using it in command substitutions and path evaluations. Additionally, the scripts automatically invoke 'install.packages' in R, which presents a supply chain risk by executing code from external repositories during setup. While these appear to be unintentional security flaws rather than intentional malware, they constitute high-risk behaviors in an automated agent environment.
能力评估
Purpose & Capability
The name/description (CSV -> 9 ggplot2 charts, Docker/Singularity support) is consistent with the presence of config, sample data, and build/run scripts. However the package is missing key runtime/build artifacts referenced by the docs: run_plot.R (the R script the wrappers call) is not present in the manifest, and the SKILL.md metadata references a Dockerfile and Singularity.def that are not included. Additionally, two SKILL.md variants declare different required binaries (one lists docker, another lists Rscript), which is an incoherence between declared requirements and runtime files.
Instruction Scope
The included shell scripts (run.sh, run_docker.sh, run_singularity.sh, build_*.sh) operate only on local input/output paths, check for docker/singularity/R, and optionally build/push images. They do not attempt to read unrelated system files or leak data to remote endpoints. Note: build_docker.sh can push images to Docker Hub when DOCKER_USERNAME is set; run_docker.sh copies and mounts local input/output into containers — expected behavior but you should be aware this gives the container access to those host paths.
Install Mechanism
There is no formal install spec (instruction-only). That is low risk normally, but here it's inconsistent with the declared 'docker' build metadata because the repository does not include the referenced Dockerfile or Singularity.def, so the provided build scripts cannot complete as-is. No remote downloads or obscure URLs are used in the included scripts (good), but the missing build/runtime files are a practical problem and an incoherence.
Credentials
No required environment variables or credentials are declared. Scripts optionally use DOCKER_USERNAME / DOCKER_IMAGE_NAME when pushing images; these are optional and proportional to the stated capability (publishing a Docker image). There are no requests for unrelated secrets or config paths.
Persistence & Privilege
The skill does not request permanent/automatic inclusion (always:false) and does not modify other skills or system-wide configs. Execution involves running containers or R scripts and creating output files in local directories — expected for this use case.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install r-ggplot-quickplot - 安装完成后,直接呼叫该 Skill 的名称或使用
/r-ggplot-quickplot触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v3.1.0
优化图表检测逻辑,支持任意列名的CSV数据;改进通用数据兼容性
v3.0.0
支持 Docker 和 Singularity 镜像,零代码可视化
v2.0.0
初始版本 - 支持自动检测数据列并生成9种图表
元数据
常见问题
R ggplot Quickplot 是什么?
上传 CSV 数据文件,自动生成 9 种常用 ggplot2 图表(散点图、柱状图、箱线图、折线图、直方图、分面图等)。零代码可视化,支持 Docker/Singularity 免安装运行。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 166 次。
如何安装 R ggplot Quickplot?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install r-ggplot-quickplot」即可一键安装,无需额外配置。
R ggplot Quickplot 是免费的吗?
是的,R ggplot Quickplot 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
R ggplot Quickplot 支持哪些平台?
R ggplot Quickplot 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(linux, darwin, win32)。
谁开发了 R ggplot Quickplot?
由 kenthompson2088(@kenthompson2088)开发并维护,当前版本 v3.1.0。
推荐 Skills