zhuocha

This skill appears to implement the duplicate-tender checking workflow described, but there are important mismatches and risky instructions you should address before installing or running it: - Implementation vs docs mismatch: SKILL.md requires reading detailed fields from dwd_bid_it_all on port 5200, but the included script reads those fields from the dify_ns_re_readsource table via the 6100 endpoint. Confirm which data source is correct and update docs or code. Also the doc admonition to avoid LEFT() in SQL contradicts the script, which uses LEFT(detail, N). - Dangerous DB operation: The documentation suggests using TRUNCATE TABLE result.dify_ns_re_result to recover from bad inserts. TRUNCATE removes all data and requires high DB privileges — do NOT run this without backups, explicit authorization, and an audit of who can perform it. Ask the author for safer remediation steps (e.g., DELETE with WHERE + logged backup, or use transactions and a staging table). - Network / auth: The script posts and queries internal HTTP endpoints (no auth in code). Confirm these endpoints require authentication and that writing to result.dify_ns_re_result is allowed for the account/service that will run the skill. If these endpoints are unauthenticated, running the skill could leak or corrupt internal data. - Testing & fixes: Run the script in a safe, isolated environment (or against a staging copy of the APIs and DB) and verify behavior. Check/fix SQL generation when 'done' set is empty to avoid malformed queries. Verify the list of jy_id written to rd is correctly formed and that the payload encoding/charset is handled safely (the docs mention Chinese punctuation problems). If you cannot validate the above with the skill author or test environment, treat this skill as untrusted and avoid running it against production/internal services.