Store Foot Traffic Analysis
Author: Xtechmerge.AI · v1.0.0 · MIT-0
Total downloads: 112
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install retail-traffic-analysis
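Description
A store foot-traffic and conversion-funnel analysis tool, based on AIoT customer behavior data (customerFunnel + behaviorFunnel). Core capabilities: 1. Combined dual-funnel analysis (customerFunnel customer segmentation + behaviorFunnel trial behavior) 2. Five-step analysis method (fetch data → parse customerFunnel → parse behav...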
Security Usage Advice
This skill appears to implement the documented analysis but has two issues you should verify before installing:
1) Hard-coded import path: analyze.py inserts '/Users/yangguangwei/.openclaw/workspace-front-door' into sys.path and imports api_client. That means the skill will load code from that local path if present. Verify who authored the api_client at that location and what it does. If you don't control or trust that path, the skill could execute arbitrary local code.
2) Undeclared credentials/config: The skill calls get_copilot_data(...) to fetch store data but doesn't declare required API host or authentication environment variables. Inspect api_client.get_copilot_data to see where it sends requests and which credentials it uses. Ensure it doesn't send data to unexpected endpoints or read secrets from your environment (e.g., ~/.aws, token files, or other local config).
Recommended actions before use:
- Open and review the api_client implementation that will be imported in your environment (or run the skill in an isolated sandbox where you control api_client).
- Replace the hard-coded sys.path insertion with a documented import/install mechanism (or vendor a minimal, audited api client in the skill) and require explicit env vars for API host and token.
- Run the skill in a restricted environment or with network monitoring to confirm it only calls the intended API endpoint and does not exfiltrate data.
If you can provide the api_client source or confirm where get_copilot_data sends requests and how it's authenticated, I can reassess and raise or lower the concern level.
Functional Analysis
Type: OpenClaw Skill
Name: retail-traffic-analysis
Version: 1.0.0
The skill bundle provides a legitimate-looking retail traffic analysis tool, but contains a hardcoded absolute path to a specific user's directory (/Users/yangguangwei/.openclaw/workspace-front-door) in analyze.py. This is a security vulnerability (information leakage and potential path injection) and a sign of poor environment isolation. While the SKILL.md instructions and the logic in analyze.py appear focused on data processing without clear malicious intent like exfiltration or backdoors, the use of hardcoded local paths and manual sys.path manipulation is a high-risk practice in an agentic environment.
Capability Assessment
Purpose & Capability
The code and SKILL.md match the described purpose (fetch customerFunnel and behaviorFunnel, compute conversion metrics). However, the implementation inserts a hard-coded sys.path to '/Users/yangguangwei/.openclaw/workspace-front-door' to import api_client, which is a user-specific path and unusual for a distributable skill; this is a coherence / portability oddity (works only in that environment) and could cause the skill to pick up arbitrary local code.
Instruction Scope
SKILL.md instructs the agent to fetch data from an API endpoint and run the analysis — consistent with the code. The code delegates all network/data access to api_client.get_copilot_data('/api/v1/store/dashboard/bi?...'). The SKILL.md does not specify how api_client is configured or what credentials it uses. Because data fetching is outsourced to api_client, the runtime behavior depends entirely on that module (which may perform network calls, use local credentials, or contact unexpected endpoints).
Install Mechanism
No install spec or external downloads are present; the skill is instruction+code only. Nothing is written to disk by an installer in the provided files.
Credentials
The skill declares no required environment variables or credentials but imports a local api_client that almost certainly requires configuration (API host, auth tokens). The hard-coded insertion of a local absolute path means the skill can import code from a user's filesystem location, which could access local secrets or system-configured credentials. The lack of declared credential requirements is a mismatch and a potential avenue for unexpected access to sensitive data.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or global agent settings, and returns results without persisting changes. No elevated persistence behavior observed.
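How to Use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install retail-traffic-analysis
- After installation, invoke the Skill by name or trigger it with /retail-traffic-analysis
- Provide the required inputs according to the Skill's parameter description to get structured output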
Version History
v1.0.0
Initial release: supports foot-traffic funnel analysis, combined dual-funnel analysis, and conversion efficiency diagnosis
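FAQ
What is Store Foot Traffic Analysis?
A store foot-traffic and conversion-funnel analysis tool, based on AIoT customer behavior data (customerFunnel + behaviorFunnel). Core capabilities: 1. Combined dual-funnel analysis (customerFunnel customer segmentation + behaviorFunnel trial behavior) 2. Five-step analysis method (fetch data → parse customerFunnel → parse behav... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 112 total downloads to date.
How do I install Store Foot Traffic Analysis?
Run the command "/install retail-traffic-analysis" in the OpenClaw or Claude Code chat box to install it in one step, with no additional configuration required.
Is Store Foot Traffic Analysis free?
Yes, Store Foot Traffic Analysis is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.
Which platforms does Store Foot Traffic Analysis support?
Store Foot Traffic Analysis is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Store Foot Traffic Analysis?
It is developed and maintained by Xtechmerge.AI (@gwyang7); the current version is v1.0.0.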