ClawHub

lin

v1.0.0

Generate annual insurance welfare Word reports from `gh_hg_bscyearall_dues` in OpenClaw format. The packaged Python entry extracts the target year, inspects...

0· 33·0 current·0 all-time
by番茄番茄番茄范@lin-shiwu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, SKILL.md, skill.json, and src/main.py all describe querying a MySQL table, reading INFORMATION_SCHEMA column comments, mapping fields, and producing a .docx from a bundled base64 template. The declared inputs (db_host, db_user, db_password, database, table_name, year, etc.) are exactly what this task needs.
Instruction Scope
Runtime instructions are focused: install requirements, run src/main.py with db parameters or request_text. The entry code reads the bundled base64 template, queries MySQL (via PyMySQL or a mysql CLI fallback), reads INFORMATION_SCHEMA, and writes outputs/. It does not contact external network endpoints or attempt to read unrelated system files. Note: the code may invoke the mysql CLI via subprocess.run when PyMySQL isn't available — this is expected for the provided fallback but means the system must have mysql on PATH if used.
Install Mechanism
There is no remote download; requirements.txt only lists PyMySQL. The template is embedded in-repo as a base64 text file. No install script pulls arbitrary code from the network or writes binary blobs to unusual locations.
Credentials
The skill requests database connection parameters as inputs (db_host/db_user/db_password/database/table_name), which are proportionate to querying MySQL. No unrelated environment variables or external service credentials are requested.
Persistence & Privilege
always is false; the skill is user-invocable and does not request permanent/force-installed privileges or modify other skills or system-wide agent settings.
Scan Findings in Context
[base64-block] expected: A large base64-encoded Word template is embedded in assets/beijing_office_annual_template.docx.base64.txt. The base64 presence is expected for an included .docx template; the pre-scan flagged a base64 block but that is consistent with the described behavior.
Assessment
This skill appears to do what it says: generate a .docx report from a MySQL table using an embedded template. Before running it: (1) don't run it with high-privilege or production DB credentials — provide a least-privilege, read-only account scoped to the reporting schema; (2) inspect the bundled template (assets/...base64.txt) if you need to confirm its contents; (3) be aware the code may call the mysql CLI fallback (subprocess.run) if PyMySQL is unavailable — ensure mysql on PATH is the binary you expect; (4) run in an isolated environment if you are unsure (or review the full src/main.py for any additional behavior). Overall there are no red flags that contradict the declared purpose, but treat any DB access as sensitive and use appropriate credentials and environment isolation.

Like a lobster shell, security has layers — review code before you run it.

latestvk972032txnhvqkxym4gs7q70hs842dpm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments