test

v1.0.0

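Generates comprehensive user behavior analysis reports for AIME (AI Trading Assistant). Use this skill when the user asks to analyze user behavior, generate user reports, analyze interaction patterns, investigate user churn, understand user engagement, or create analysis documents from user IDs or log data.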

MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Benign
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The stated purpose (analyzing AIME user logs) is plausible and matches the inputs described (Excel logs, user ID, date range). However, the SKILL.md repeatedly references local Python scripts (e.g., scripts/analyze_user.py, scripts.user_data_extractor) and a runtime architecture (Python + Claude Code) that are not present in the skill bundle. That is an incoherence: a skill that tells the agent to run scripts it doesn't supply or declare how to install.
Instruction Scope
The instructions direct the agent to read arbitrary Excel files from user-provided filesystem paths and to extract full user query text (including non-Chinese text to be translated). This is expected for a log-analysis tool, but the SKILL.md also asserts 'Claude Code will automatically read Excel file' without specifying execution boundaries. The guidance grants broad discretion to access local files and produce verbatim user queries (potentially sensitive/PII). Additionally, the instructions are prescriptive about producing full lists of user questions and translations, which increases data-exposure risk.
Install Mechanism
There is no install spec (instruction-only). That is lower-risk in general, but here it amplifies the problem: the document assumes local Python scripts and tooling exist (and suggests using Pandoc, generating .docx, etc.) yet provides no installation, dependency list, or guidance for where the code comes from. An operator would need to supply/verify the referenced scripts; otherwise the instructions are unusable or could encourage executing arbitrary local commands.
Credentials
The skill requests no environment variables or credentials, which is proportionate. However, it requires direct access to local Excel files that may contain sensitive personal data or trading logs. The SKILL.md does not ask for or declare any data minimization or anonymization steps, nor does it constrain what gets transmitted to external analysis endpoints (e.g., where 'Claude Code' runs), so data-handling expectations are underspecified.
Persistence & Privilege
The skill does not request persistent or elevated privileges (always: false), and there is no install that writes files or modifies other skills. No evidence it tries to become always-on or alter agent configuration.
What to consider before installing
This package is an instruction template describing Python scripts that are not included. Before installing or invoking it: (1) Do not hand over raw Excel files with real user data until you confirm where analysis runs and who can see the data — consider anonymizing or sampling logs. (2) Ask the publisher for the actual scripts (scripts/analyze_user.py, user_data_extractor, etc.) or provide your own vetted implementation; do not run unknown local scripts. (3) Verify dependencies and runtime (what is 'Claude Code' in your environment?) and confirm whether any data will be sent to external services. (4) If you cannot obtain the code/source or a trustworthy provenance, treat this skill as unsafe to run with production or sensitive data.

Like a lobster shell, security has layers — review code before you run it.
