spzwin

survey-workflow

Author: spzwin · GitHub · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 80
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install survey-workflow
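Description
An agent that manages the full workflow of organizational health and employee engagement surveys. Features include: ① bulk import of the employee roster into the survey system; ② adding personnel (incremental import); ③ sending survey notifications (custom notification templates supported); ④ tracking response status; ⑤ automatic reminders before the deadline; ⑥ pulling response data (direct API connection); ⑦ calculating the benchmark mean for the current batch; ⑧ generating department/group diagnostic reports from templates. The questionnaire includes the McKinsey Organizational Health 37 questions (10 dimensions) +...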
Security usage recommendations
This skill appears to be a legitimate survey workflow integration, but it expects gateway credentials and will process employee identifiers and submission data. Before installing:
  1. Confirm the API endpoints belong to your organization (production domains shown are org-specific).
  2. Do not provide a high-privilege org-wide appKey or long-lived access-token; instead create a scoped service account / token that only permits the needed operations (import targets, sendNotify, list submissions, pressure) and can be revoked.
  3. Update the skill manifest to declare required env vars (e.g., APP_KEY, ACCESS_TOKEN) so the platform can surface and control secrets.
  4. Test against the provided test environment before hitting production.
  5. Decide and document where local archives (input/notification_records.json) are stored and who can read them; avoid storing tokens in plaintext.
  6. Audit usage: monitor notification and pressure endpoints carefully (pressureNotify is a GET that triggers side effects) to avoid accidental spam or unauthorized notifications.
If you cannot supply minimal, scoped credentials or cannot verify the service domains, treat this skill as not ready for deployment.
Functional analysis
Type: OpenClaw Skill
Name: survey-workflow
Version: 1.0.0
The survey-workflow skill bundle manages employee engagement surveys by executing local Python scripts and interacting with external APIs (mediportal.com.cn and xgjktech.com.cn). While its behavior is aligned with the stated purpose, it possesses high-risk capabilities including the handling of sensitive employee PII (IDs and names), network access for data exfiltration to external endpoints, and the execution of shell commands for report generation. Under the provided criteria, these risky capabilities are considered suspicious even if plausibly needed for the workflow, as they represent a significant attack surface without further sandboxing of the scripts (e.g., generate_dept_reports_v4.py) and API interactions.
Capability tags
requires-sensitive-credentials
Capability assessment
Purpose & Capability
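Name/description (end-to-end survey management: importing rosters, sending notifications, sending reminders, pulling responses, statistics and reports) align with the documented APIs and the SKILL.md; the endpoints and flows shown are coherent for a survey workflow agent.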
Instruction Scope
The SKILL.md explicitly instructs calling gateway APIs that require an appKey or access-token header and to import/handle employeeId lists and submission details (sensitive PII). It also recommends archiving notification records to a local path (input/notification_records.json). The document references both test and production endpoints and instructs operations that cause side effects (sendNotify, pressureNotify). These runtime actions are within purpose but involve sensitive data, external network calls, and side-effecting endpoints that should be explicitly authorized and declared.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest install risk. Nothing will be written to disk by an installer; runtime network calls are the main surface.
Credentials
The SKILL.md requires authentication headers (appKey and/or access-token) for the API gateway, but the skill manifest declares no required environment variables or primary credential. This is an important mismatch: the agent will need credentials (gateway appKey, access-token or similar) and likely identity context for import operations, yet no credentials are requested or scoped in the metadata. The skill will handle employee IDs and submission data (sensitive), so missing credential declaration and lack of least-privilege guidance is a proportionality concern.
Persistence & Privilege
always is false and there's no instruction that the skill will enable itself or change other skills. The only persistence note is an advisory to archive notification records to a local path; that is operational guidance, not an elevated privilege request. Autonomous invocation is allowed (platform default) but not combined with always:true or broad undeclared credentials.
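How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install survey-workflow
  3. Once installation completes, call the Skill by name or trigger it with /survey-workflow
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history
v1.0.0
Initial release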
Metadata
Slug: survey-workflow
Version: 1.0.0
License: MIT-0
Total installs: 0
Current installs: 0
Historical versions: 1
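Frequently asked questions

What is survey-workflow?

An agent that manages the full workflow of organizational health and employee engagement surveys. Features include: ① bulk import of the employee roster into the survey system; ② adding personnel (incremental import); ③ sending survey notifications (custom notification templates supported); ④ tracking response status; ⑤ automatic reminders before the deadline; ⑥ pulling response data (direct API connection); ⑦ calculating the benchmark mean for the current batch; ⑧ generating department/group diagnostic reports from templates. The questionnaire includes the McKinsey Organizational Health 37 questions (10 dimensions) +... It is an AI Agent Skill plugin for Claude Code / OpenClaw and has been downloaded 80 times in total so far.

How do I install survey-workflow?

Run the command "/install survey-workflow" in the OpenClaw or Claude Code chat box for a one-click install; no additional configuration is required.

Is survey-workflow free?

Yes, survey-workflow is completely free; it is licensed under MIT-0 and can be freely downloaded, installed and used.

Which platforms does survey-workflow support?

survey-workflow runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed survey-workflow?

Developed and maintained by spzwin (@spzwin); the current version is v1.0.0.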
