← 返回 Skills 市场
gwyang7

导购个人业绩分析

作者 Xtechmerge.AI · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
111
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install retail-clerk-performance-analysis
功能描述
导购个人业绩深度分析工具。支持普通门店(POS数据)和AIoT门店(POS+AIoT数据)。 输出导购个人详细诊断报告,包含: 1. 核心业绩指标(销售额、排名、业绩占比) 2. 雷达图能力对比(6维能力 vs 门店平均) 3. 商品特征分析(品类/价格带/包型/颜色/新品偏好) 4. Top5 SKU爆品分析(...
安全使用建议
This skill appears to implement the analysis it claims, but before installing you should: 1) Review the api_client implementation (get_api_client) that the skill imports — confirm what credentials/tokens it uses and what endpoints it can call; the skill will run API calls using that client. 2) Remove or correct the hard-coded development path (/Users/yangguangwei/...) and the implicit sys.path inserts so the skill doesn't depend on a specific user's workspace. 3) Verify that the api_client's credentials are scoped to only the needed copilot/guide endpoints (least privilege) and cannot be used to access unrelated sensitive APIs or exfiltrate data. 4) Test the skill in a sandbox account with non-sensitive store data first. 5) If you need stronger guarantees, require the skill to accept an explicit, scoped credential or client factory (documented in SKILL.md) rather than relying on implicit imports of local code. If you want, provide the api_client code or its credential model and I can re-evaluate with higher confidence.
功能分析
Type: OpenClaw Skill Name: retail-clerk-performance-analysis Version: 1.0.0 The skill bundle is classified as suspicious due to several security vulnerabilities found in analyze.py. Specifically, the script contains a hardcoded absolute path to a developer's home directory (/Users/yangguangwei/.openclaw/workspace-front-door), which results in information disclosure and potential path hijacking. Additionally, the script lacks input sanitization for user-controlled parameters such as guide_name and store_id before passing them to internal API endpoints, which could allow for injection attacks if the backend services are not properly secured.
能力评估
Purpose & Capability
Name/description, SKILL.md and analyze.py all consistently implement a retail clerk performance analysis tool that calls internal APIs (/api/v1/guide/...). The required capabilities match the stated purpose. However the code depends on an external api_client from a local workspace (not declared) which is an implicit dependency outside the skill bundle.
Instruction Scope
Runtime instructions and code limit actions to calling internal copilot APIs for guide detail, order analysis, funnel and trial endpoints; they do not attempt arbitrary file exfiltration or external network endpoints. But sample usage and code add host-specific sys.path entries to import api_client, giving the skill access to whatever that client can call—this expands the effective scope beyond the documented endpoints.
Install Mechanism
No install spec or external downloads. The skill is instruction/code-only and doesn't install packages or fetch remote archives, which is low risk from an install perspective.
Credentials
The skill declares no required env vars or credentials but relies on get_api_client() imported from an external local module; that client likely uses platform credentials or tokens (not declared). Also the code inserts an absolute development path (/Users/yangguangwei/.openclaw/workspace-front-door) into sys.path — a hardcoded path leak and an implicit dependency on local environment/configuration. The absence of declared credentials with an implicit API client is disproportionate and warrants review.
Persistence & Privilege
always:false and default model invocation behavior. The skill does not request persistent system-wide privileges or modify other skills. Autonomous invocation is enabled by default (not flagged alone).
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install retail-clerk-performance-analysis
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /retail-clerk-performance-analysis 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: 支持导购深度业绩分析、雷达图对比、AIoT转化分析
元数据
Slug retail-clerk-performance-analysis
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

导购个人业绩分析 是什么?

导购个人业绩深度分析工具。支持普通门店(POS数据)和AIoT门店(POS+AIoT数据)。 输出导购个人详细诊断报告,包含: 1. 核心业绩指标(销售额、排名、业绩占比) 2. 雷达图能力对比(6维能力 vs 门店平均) 3. 商品特征分析(品类/价格带/包型/颜色/新品偏好) 4. Top5 SKU爆品分析(... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 111 次。

如何安装 导购个人业绩分析?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install retail-clerk-performance-analysis」即可一键安装,无需额外配置。

导购个人业绩分析 是免费的吗?

是的,导购个人业绩分析 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

导购个人业绩分析 支持哪些平台?

导购个人业绩分析 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 导购个人业绩分析?

由 Xtechmerge.AI(@gwyang7)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论