Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (care scheduling) match the included Python and JS code: scheduler.py and generate.py implement local schedule generation and CSV export; assets implement a UI for entering staff and generating schedules. No unrelated credentials, binaries, or install steps are requested.
Instruction Scope
SKILL.md instructs a simple conversational flow to collect staff names and parameters and to output a Markdown table and offer CSV export. That stays within scope. The included code will create CSV files on disk if executed; SKILL.md does not explicitly document use of the bundled scripts or the client-side '通义千问 API Key' UI element seen in assets/app.js, which could allow the app to call an external model if implemented.
Install Mechanism
No install spec or remote downloads; this is primarily code bundled with the skill (no package installs or archive downloads). This is lower risk than remote install mechanisms.
Credentials
The skill declares no required env vars or credentials (primaryEnv none). However, assets/app.js exposes an optional input labeled '通义千问 API Key' and a link to dashscope.console.aliyun.com; if the JS uses that key it could transmit staff names and schedule data to a third-party model service. The SKILL.md does not mention this optional external API. Do not provide API keys unless you trust the endpoint and have reviewed the client code path.
Persistence & Privilege
always:false and no system-wide config changes. The Python code writes CSV files to the local working directory when exporting—normal for this function but be aware of filesystem writes. There is no indication the skill modifies other skills or requests elevated privileges.
Assessment
The skill appears to do what it says: it generates schedules and can export CSVs. Before installing or using it, review the bundled assets/app.js generate() path to confirm whether it sends data to an external API when an API key is provided. If you will process real staff/personal data, prefer the local Python generator (scheduler.py), avoid entering any third‑party API keys, and run the code in a controlled environment so exported CSVs are stored where you expect. If you plan to supply an external model key, verify the exact endpoint and data sent (staff names and shift details are sensitive) and only use a trusted, privacy-compliant service.Like a lobster shell, security has layers — review code before you run it.
elderly-carevk97c0tn9cd7s8rggj6zxkapk3d837dwalatestvk97c0tn9cd7s8rggj6zxkapk3d837dwanursingvk97c0tn9cd7s8rggj6zxkapk3d837dwaschedulevk97c0tn9cd7s8rggj6zxkapk3d837dwa
License
MIT-0
Free to use, modify, and redistribute. No attribution required.