kleberbaum

Roster

Author: kleberbaum · GitHub ↗ · v1.5.0 · MIT-0
linux ✓ Security check passed
Total downloads: 867
Favorites: 0
Current installs: 1
Versions: 9
Install in OpenClaw
/install roster
Description
Creates weekly shift rosters (KW-JSON) from CSV availability data and pushes them to GitHub.
Security usage recommendations
What to check before installing or enabling:
  1. Limit the GitHub token: create a fine‑grained PAT scoped only to the single repo (contents: read/write, actions: write) and short lifetime; do NOT supply a broad classic repo token.
  2. Test in a throwaway private repo with dummy employees to confirm behaviour and that GitHub Actions do only the expected PDF/email steps.
  3. Manually inspect the repository workflows (.github/workflows/*.yml) — dispatched workflows run in repo context and can access repo secrets.
  4. Review SKILL.md (and remove any hidden unicode control characters) — the file enforces mandatory emoji formatting and contains a detected unicode-control-chars pattern which is unusual; ensure there are no hidden instructions that could alter agent behaviour.
  5. Be aware the skill will collect/store personal data (names, emails, minor status); keep ROSTER_REPO private and comply with data-protection rules.
  6. If you want to prevent automatic writes/dispatches, do not enable autonomous invocation or run the skill only with user confirmation before any push/dispatch.
If anything looks unexpected, prefer 'do not install' or test in an isolated environment first.
Functional analysis
Type: OpenClaw Skill
Name: roster
Version: 1.5.0

The 'roster' skill is a legitimate tool designed to manage shift schedules by synchronizing CSV data with a GitHub repository. It utilizes a set of shell scripts (e.g., push-to-github.sh, get-employees.sh) to interact with the GitHub API, and the SKILL.md provides detailed, context-specific instructions for the AI agent to handle complex business logic like minor protection and trainer assignments. While the skill requires sensitive environment variables (GITHUB_TOKEN) and handles employee PII, the implementation uses defensive coding practices (such as using Python for safe JSON/Base64 processing within shell scripts) and the documentation explicitly emphasizes security best practices, including the use of private repositories and fine-grained access tokens.
Capability tags
requires-oauth-token
Capability assessment
Purpose & Capability
Name/description match required assets: scripts perform GitHub reads/writes, JSON push, and workflow dispatch. Declared binaries (curl, python3, base64) are used by the scripts and the requested env vars (GITHUB_TOKEN, ROSTER_REPO) are exactly what the GitHub integration needs.
Instruction Scope
SKILL.md prescribes a full workflow: load employees.json, parse CSVs, create JSON, push to GitHub, and trigger workflows. It also mandates strict Telegram formatting (many required emojis, forbidden formats) and tells the agent to 'memorize' employee data and request emails for new employees. These formatting rules are unusual and there is a pre-scan flag for unicode-control-chars in SKILL.md (possible prompt-injection artifact). The data-collection behaviour (asking for new employee emails) is expected for the feature but is PII-sensitive and should be used only with consent and in a private repo.
Install Mechanism
There is no network download/install step; this is instruction + script-based and ships with the scripts. No external archives or unusual installers are fetched at runtime by the skill itself. Risk from install mechanism is low.
Credentials
Only GITHUB_TOKEN and ROSTER_REPO are required. Those are proportionate: scripts read/write employees.json and dispatch GitHub Actions. The README explicitly recommends a fine-grained PAT and minimal permissions (Contents read/write, Actions write), which is appropriate.
Persistence & Privilege
always:false (not forced into all agents). The skill can autonomously run (default) and — with the provided token — can push JSON files, update employees.json, and dispatch GitHub Actions. This is expected for the feature but gives the skill meaningful write-and-trigger capability in the target repo; review workflows and token scope before enabling autonomous runs.
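How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install roster
  3. Once installation is complete, call the Skill by name or trigger it with /roster
  4. Provide the necessary input according to the Skill's parameter description to get structured output
Version history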
v1.5.0
Added domain glossary, multi-slot logic, minor group checks, group formation algorithm
v1.4.0
v1.4.0: Mandatory emoji formatting for all Telegram responses
v1.3.0
Version 1.3.0
- Updated SKILL.md instructions and documentation for clarity and completeness.
- No code or functional changes; metadata and requirements remain unchanged.
- Ensured workflow steps and user interaction patterns are clearly documented.
v1.2.0
**Summary:** Major update with better file handling, workflow integration, and usability improvements.
- New: Detect and reject Apple Numbers (`.numbers`) files with clear export instructions (no parsing attempts, one concise message).
- New: Shell command execution must use `LANG=C LC_ALL=C` to avoid encoding issues; script path guidance improved.
- New: On CSV upload, always check for existing weekly plan in GitHub; prompt user if overwriting or updating.
- Improved: Automatically detect CSV separator (comma or semicolon) based on header.
- Improved: Enhanced handling for free-text or incorrect user input; more robust flow for missing or invalid data formats.
- Updated: Quick reference and workflows for negative feedback (e.g., user says "Falsch"), handling existing/planned weeks, response confirmations, and file format edge cases.
v1.0.4
Refactor: use separate timeStart/timeEnd fields instead of combined time with -- separator in KW JSON format.
v1.0.3
Fix injection vulnerabilities: all shell scripts now build JSON payloads via python3 json.dumps instead of string interpolation. CHAT_ID validated as numeric. Base64 encoding via printf stdin.
v1.0.2
Supervisor group always first (Group A). Fix script permissions.
v1.0.1
Fix metadata: declare required env vars and bins in SKILL.md frontmatter. Add privacy/security documentation.
v1.0.0
Initial release: weekly shift roster planner with CSV import, trainer assignment, car logistics, Telegram preview, GitHub Actions PDF/email workflows.
Metadata
Slug: roster
Version: 1.5.0
License: MIT-0
Total installs: 1
Current installs: 1
Number of versions: 9
FAQ

What is Roster?

Creates weekly shift rosters (KW-JSON) from CSV availability data and pushes them to GitHub. It is an AI agent skill plugin for Claude Code / OpenClaw, with 867 total downloads so far.

How do I install Roster?

Run the command "/install roster" in the OpenClaw or Claude Code chat box for a one-click install; no additional configuration is needed.

Is Roster free?

Yes, Roster is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.

Which platforms does Roster support?

Roster runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (linux).

Who developed Roster?

Developed and maintained by kleberbaum (@kleberbaum); the current version is v1.5.0.
