供应链 BOM 数据分析
v1.0.1供应链 BOM 数据分析 - 从多份工程报价单和 Excel/CSV 表格中提取、清洗、对齐硬件设备 BOM 数据,生成按时间轴维度的物料需求预测汇总表。使用场景:(1) 分析多家供应商报价单;(2) 提取传感与采集设备、传输与组网类别的物料清单;(3) 跨表格物料标准化合并;(4) 按项目交付时间生成需求预测表。
⭐ 0· 287·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description, SKILL.md, and the two reference docs all describe spreadsheet/quote parsing, field extraction, name mapping, merging, and time mapping. There are no unexpected requirements (no cloud keys, no unrelated binaries), so requested capabilities match the stated purpose.
Instruction Scope
Runtime instructions focus on locating/filering BOM items, extracting core fields, standardizing names using the provided mapping, aggregating quantities, and mapping to delivery dates. They reference only user-provided project/time inputs and included mapping/rule files; they do not instruct reading unrelated system files, environment variables, or exfiltrating data to external endpoints.
Install Mechanism
This is an instruction-only skill with no install spec and no code files. That minimizes disk-write and supply-chain risk; nothing is downloaded or executed by default from untrusted URLs.
Credentials
The skill declares no required environment variables, credentials, or config paths. The operations described (parsing Excel/CSV, mapping names, summing quantities) do not justify additional secrets or elevated access.
Persistence & Privilege
always is false and model invocation is not disabled (normal). The skill does not request persistent system presence or modifications to other skills' config.
Assessment
This skill appears coherent and limited to BOM extraction and aggregation. Before installing or running it: (1) only provide the spreadsheets/quotes needed—remove unrelated sensitive columns or PII; (2) review the material-mapping and extraction rules to ensure mappings match your domain (incorrect mappings can misaggregate quantities); (3) if your agent will execute auxiliary code or use external tools to process Excel files, ensure those tools are trusted and sandboxed; (4) test on a small sample to verify time-mapping and summation logic. If the publisher later adds install scripts, remote endpoints, or requests credentials, re-evaluate as those would change the risk profile.Like a lobster shell, security has layers — review code before you run it.
latestvk978trg1vqnpefgjmktwfr40bs837y10
License
MIT-0
Free to use, modify, and redistribute. No attribution required.