Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Industrial data processing

Industrial-grade IQC control plan parsing, supporting Excel to CSV and JSON conversion, with secure authentication and data submission, ensuring stable and reliable enterprise data processing.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description align with the code: preprocess Excel, convert CSV→JSON, obtain JWT, and POST to an API. Requiring network submission and authentication is coherent with the stated purpose. However the scripts embed a fixed API base URL (http://192.168.60.241:1120) and baked-in username/password, which are sensitive implementation details that are not surfaced in the skill metadata or requires.env — this is unexpected and worth attention.
Instruction Scope
SKILL.md defines a 4-step workflow matching the included scripts. But SKILL.md passes params like secret_key and expire_minutes to the jwt-security-layer step while the jwt_token.py script ignores such runtime secrets and instead uses hard-coded USERNAME/PASSWORD in-source. The scripts read/write run-specific files (current_run_id.txt, output/jwt_token.txt, token cache) and perform network requests to the hard-coded API. These behaviors are within the declared functional scope but the mismatch (declared parameters vs actual use) and the implicit network calls are concerning because the skill may send processed data to the embedded endpoint without asking for environment-level credentials.
Install Mechanism
There is no external install spec or remote-download step; all code is bundled with the skill. This reduces supply-chain risk from remote fetches. The scripts do require common Python packages (pandas, requests, openpyxl/xlrd) but they only check at runtime and instruct the user to pip install if missing.
Credentials
The skill declares no required environment variables or credentials, yet the jwt_token.py contains hard-coded credentials (USERNAME='kang', PASSWORD='kang123456') and a LOGIN_MESSAGE. That means secrets are embedded in the skill rather than requested from the environment — a poor security practice and a potential leak if those credentials are real. The target API is a private IP:port; while plausible for an enterprise, it isn't explained in metadata. Because the skill can post arbitrary produced JSON to that endpoint, the effective credential/egress access is broader than the declared requirements.
Persistence & Privilege
The skill does not set always:true and does not request system-wide configuration changes. It creates run-specific files and token cache under its own directories (token_cache, output, logs) — standard for a pipeline. No evidence it modifies other skills or system-wide agent settings.
What to consider before installing
This skill appears to implement the advertised pipeline, but it embeds an internal API URL and hard-coded credentials in the code, and the SKILL.md parameters do not match how the scripts actually use secrets. Before installing, consider:
1) Do you know and trust the API endpoint 192.168.60.241:1120 and the included credentials? If not, do not run it on sensitive systems or networks.
2) Prefer replacing hard-coded USERNAME/PASSWORD with environment variables or a secure secret store and update the scripts accordingly.
3) Review and, if needed, change any real passwords found in the files (treat them as compromised if you previously used them).
4) Run the pipeline in a sandbox or isolated network first to confirm what data is transmitted.
5) If you intend to integrate with your own API, update API_BASE_URL, LOGIN_PATH, and auth logic rather than relying on the embedded values.
If you can provide the intended deployment environment or confirm the API owner, I can re-evaluate with higher confidence.


Current version: v1.0.0 (latest: vk97baqnbx5hkhwmk23fv5h269d828684)


SKILL.md

name: iqc-python-tree
version: 3.0.0

description: |
  企业工业级 IQC 控制计划解析引擎终极稳定版: Excel → CSV → JSON AST → 安全认证 → 数据提交

author: inspection-planning

# ===============================
# Model inference parameters (low-randomness industrial mode)
# ===============================
model:
  temperature: 0
  top_p: 0.05

# ===============================
# Workflow execution mode (stable core)
# Sequential execution, no complex scheduler
# ===============================
workflow:
  steps:
    # --------------------------------------------------
    # Step 1: Excel industrial preprocessing layer (core stable zone)
    # --------------------------------------------------
    - name: preprocess-excel
      executor: python
      script: scripts/preprocess_excel.py
      timeout: 120
      retry: 2
      params:
        input_dir: ./input
        output_dir: ./output/csv

    # --------------------------------------------------
    # Step 2: industrial semantic parsing layer (control plan modelling)
    # --------------------------------------------------
    - name: csv-to-json-parser
      executor: python
      script: scripts/csv_to_json.py
      timeout: 180
      retry: 3
      params:
        input_dir: ./output/csv
        output_dir: ./output/json

    # --------------------------------------------------
    # Step 3: security authentication layer (enterprise security standard)
    # --------------------------------------------------
    - name: jwt-security-layer
      executor: python
      script: scripts/jwt_token.py
      timeout: 60
      retry: 2
      params:
        secret_key: STATIC_SECRET_KEY
        expire_minutes: 30

    # --------------------------------------------------
    # Step 4: industrial data submission layer (final egress)
    # --------------------------------------------------
    - name: enterprise-data-submit
      executor: python
      script: scripts/data_submit.py
      timeout: 120
      retry: 3
      params:
        auth_mode: BearerToken

# ===============================
# Enterprise exception self-healing strategy (very important)
# ===============================
error_strategy:
  global_retry: 3
  fallback_mode: safe_exit
  handlers:
    - log_error
    - save_checkpoint
    - alert_admin

# ===============================
# Log audit system (required for industrial production)
# ===============================
logging:
  level: INFO
  persist: true
  path: ./logs/iqc_engine.log

# ===============================
# Output strategy
# ===============================
output:
  format: json
  path: ./output/final
  compress: true
