Historical Baseline Analysis
Author: Xtechmerge.AI · v1.0.0 · MIT-0
Total downloads: 98
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install retail-store-poscore-baseline-analysis
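Description
Historical baseline analysis tool for retail stores. Based on Agent API database views, it provides multi-period baselines plus quartile analysis. Core capabilities: 1. Multi-period baselines (13 weeks/quarter, 26 weeks/half-year, 52 weeks/full year, 12 months) 2. Multi-dimensional grouping (by day of week, calendar week, calendar month) 3. Quartile analysis (P25/P50/P75, identifying anomalous ranges) 4. Baseline types (weekday: by day of week...
Security usage recommendations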
This skill appears to implement the baseline analysis it advertises, but there are red flags you should address before installing or running it in production:
- The code inserts a hard-coded absolute path (/Users/yangguangwei/...) into sys.path and imports api_client from there. Ask the publisher why this external module is required and request that api_client be bundled, replaced with a documented dependency, or imported via a relative path. Running the skill as-is could cause it to execute code outside the skill bundle if that path exists in your environment.
- query_database is called but not defined in the skill; confirm what api_client.query_database does, what credentials it uses, and whether it can access more data than intended. Prefer explicit, documented dependencies or an SDK instead of implicit imports.
- The SQL strings are built via f-strings with interpolated store_id/dates. If you or callers can pass untrusted input into store_id, this could produce unexpected SQL. Validate or sanitize inputs if you accept external values.
- Some data-fetching functions (weekly/monthly) appear unimplemented/return empty lists; test the skill with non-production data and review outputs for correctness.
If you cannot get satisfactory answers about the api_client dependency and the hard-coded path, treat the skill as risky and avoid running it in environments where that path could contain attacker-controlled code or where query_database has broad DB privileges.
Functional analysis
Type: OpenClaw Skill
Name: retail-store-poscore-baseline-analysis
Version: 1.0.0
The skill performs retail store performance baseline analysis but contains potential SQL injection vulnerabilities in analyze.py (e.g., fetch_daily_data, fetch_weekly_data) where user-provided parameters like store_id and dates are inserted directly into SQL queries using f-strings. It also relies on a hardcoded local file path (/Users/yangguangwei/...) to import its database client, which is a poor practice but not inherently malicious.
Capability assessment
Purpose & Capability
Name/description (store baseline analysis) match the code's functionality (fetch historical data, compute quartiles, compare current vs baseline). The dependency on an Agent API query_database function is reasonable for a DB-backed analysis tool. However, the code also modifies sys.path to a user-specific absolute path (/Users/yangguangwei/.openclaw/workspace-front-door) to import api_client, which is unusual for a distributable skill and not justified in SKILL.md.
Instruction Scope
SKILL.md describes only analysis and shows a simple Python API. The actual runtime code issues SQL queries (via query_database) built with f-strings, parses results, and returns baselines. That's within expected scope, but the SQL is constructed with unsanitized interpolation of store_id and dates (typical but worth noting). The skill reads nothing else from the system in the provided code, but it depends on an external api_client (see Purpose & Capability).
Install Mechanism
No install spec (instruction-only / code bundled). Nothing is downloaded or written by an installer. This is the lower-risk arrangement for skill installation.
Credentials
The skill declares no required environment variables or credentials, which superficially limits exposure. However, it forcibly adds a hard-coded absolute path to sys.path and imports api_client from outside the skill package; that external module could access credentials or agent internals at runtime. The lack of declared dependency / explanation for api_client is disproportionate and obscures what privileges the skill will use.
Persistence & Privilege
always is false and the skill does not request persistent/always-on privileges or modify other skills. Autonomous invocation is allowed (platform default) but not combined with other elevated flags.
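How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install retail-store-poscore-baseline-analysis
- Once installation completes, call the Skill by name or use /retail-store-poscore-baseline-analysis to trigger it
- Provide the required inputs according to the Skill's parameter description to get structured output
Version history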
v1.0.0
Initial release: supports multi-period baselines and quartile analysis
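FAQ
What is Historical Baseline Analysis?
Historical baseline analysis tool for retail stores. Based on Agent API database views, it provides multi-period baselines plus quartile analysis. Core capabilities: 1. Multi-period baselines (13 weeks/quarter, 26 weeks/half-year, 52 weeks/full year, 12 months) 2. Multi-dimensional grouping (by day of week, calendar week, calendar month) 3. Quartile analysis (P25/P50/P75, identifying anomalous ranges) 4. Baseline types (weekday: by day of week... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 98 downloads to date.
How do I install Historical Baseline Analysis?
Run the command "/install retail-store-poscore-baseline-analysis" in the OpenClaw or Claude Code chat box for a one-click install; no additional configuration is needed.
Is Historical Baseline Analysis free?
Yes. Historical Baseline Analysis is completely free and released under the MIT-0 license; it can be freely downloaded, installed and used.
Which platforms does Historical Baseline Analysis support?
Historical Baseline Analysis is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Historical Baseline Analysis?
It is developed and maintained by Xtechmerge.AI (@gwyang7); the current version is v1.0.0.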