投后管理报告自动更新
v1.0.0自动更新投后管理报告;当用户需要根据新财务报表和访谈纪要更新季度投后管理报告、生成财务数据分析、更新公司经营情况和行业分析时使用
⭐ 0· 223·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description, declared Python dependencies (openpyxl, python-docx), SKILL.md steps, and the three scripts all align: they parse Excel/DOCX, extract metrics/text, and produce a DOCX report. There are no unexpected credentials, binaries, or config paths requested.
Instruction Scope
SKILL.md confines actions to validating user-provided files, calling the included scripts, and using local reference documents. One small operational note: the example script invocations use a hard-coded workspace path (/workspace/projects/...), which is an environment assumption (not a security issue but may require path adjustments in some deployments). The guidance to "结合外部知识" (combine with external knowledge) refers to the agent/model using its knowledge and is reasonable for analysis tasks.
Install Mechanism
There is no install spec. The skill declares Python library dependencies in SKILL.md but does not provide an installation step; the runtime will require a Python environment with openpyxl and python-docx installed. Lack of an automated install is not malicious but is an operational gap the user should address.
Credentials
The skill does not request environment variables, credentials, or config paths. The scripts only read user-supplied files and write an output DOCX; they do not access network endpoints or secrets.
Persistence & Privilege
always:false (default) and the skill does not modify other skills or system-wide settings. It only writes the generated report file to the specified output path.
Assessment
This skill appears to do what it claims: parse XLSX/DOCX inputs and generate an updated DOCX report using local scripts. Before installing/using it: 1) Ensure you run it in an environment with Python and the required libraries (openpyxl, python-docx) or install those packages first. 2) Test on non-sensitive sample files to confirm paths and formatting (the SKILL.md examples use /workspace/... paths which you may need to change). 3) Verify outputs for correctness—these scripts use heuristics to find metrics and may mis-parse unusual spreadsheet layouts. 4) Run in an isolated workspace if inputs contain sensitive data; although the code does not perform network calls or read env vars, the agent/model that performs the textual analysis may use external knowledge—avoid sending sensitive content to external services. 5) If you need an automated installer or stricter dependency management, ask the skill author to supply an install spec (requirements.txt or a package step).Like a lobster shell, security has layers — review code before you run it.
latestvk97ejtmg5gpw61wzzgm7zh7v1d82mx6v
License
MIT-0
Free to use, modify, and redistribute. No attribution required.