Sop Bom Report
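v1.4.2 SOP vs. BOM comparison and verification; generates a standalone verification report. Supports checking a single SOP against multiple merged BOMs. Extracts material information from the SOP (including page number and sequence number), compares it with the BOM, and generates a report containing three tables: materials with differences (side-by-side comparison), materials found only in the SOP, and materials found only in the BOM. Differences are highlighted in red, and duplicate material codes are highlighted in yellow. Automatically cleans up temporary files and old report caches. Cross-platform compatible (Linux/Mac/W...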
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (SOP vs BOM comparison) match the provided Python script and SKILL.md. The script parses .xlsx (zip/XML and optionally openpyxl), extracts material fields, generates XLSX reports, and performs cache cleanup — all consistent with the stated feature set.
Instruction Scope
SKILL.md instructs the agent and user to invoke the included Python script with SOP/BOM files, and the script reads and parses Excel internals and shared strings. These actions are within the skill's scope. Caution: the script uses zipfile.extractall on user-supplied xlsx files (no explicit sanitization of archive paths) and deletes temp files matching patterns (e.g. sop_extract_*/report_*), so processing untrusted/malicious .xlsx files could lead to unexpected file writes or deletions on the host if a crafted archive or name collisions are used.
Install Mechanism
No install spec included (instruction-only + a bundled Python script). Dependencies are standard/optional (openpyxl) and documented. No downloads from external URLs or package managers are invoked by the skill itself.
Credentials
The skill requests no environment variables or credentials. It only reads files provided by the user and uses the system temp directory and working directory; these accesses are proportional to its functionality.
Persistence & Privilege
Skill is not always-enabled and does not request persistent elevated privileges. It performs local temporary file creation and cleanup within the temp directory and does not modify other skills or system-wide agent settings.
Assessment
This skill appears to do what it claims (compare SOP and BOM Excel files and produce a report). Before installing or running it:
- Only run the script on SOP/BOM files from trusted sources; a maliciously crafted .xlsx could include path entries that exploit zip extraction (zip slip) or overwrite files when extracted.
- Consider running this tool in an isolated environment (VM or container) if you must process untrusted documents.
- Review the included scripts/sop_bom_report.py yourself if you can, or run it on sample files first to verify behavior.
- If you will run it regularly, install Python 3.8+ and optionally openpyxl. Ensure the process has only the minimum filesystem permissions required and that temp directories are monitored/backed up if needed.

Like a lobster shell, security has layers — review code before you run it.
