Biaoshu Writer
v5.4.0标书撰写器 v5.4.0 - 投标技术标文档自动生成工具。支持解析 txt/pdf/docx/xlsx 招标文件,生成符合评分标准的技术标 Word 文档。适用:技术标编写、交通工程(高速/航道)投标。
⭐ 1· 257·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description match the provided scripts: parse_bid_files.py (txt/pdf/docx/xlsx parsing), convert_to_word.py (Markdown→docx), check_chapter_words.py (word-count checks), merge_chapters.py, and font checks. Declared pip dependencies (python-docx, pdfplumber, openpyxl, PyPDF2) align with those functions.
Instruction Scope
SKILL.md stays within the stated purpose (send tender files → parse → generate chapters → humanize → check words → merge → convert). It references user-local paths (~/Library/Fonts/SimSun.ttf and /Users/owen/Desktop/{项目名称}/) which is expected for document output, but be aware these are hardcoded defaults the scripts/prompts assume. The included 'humanizer-zh' module is explicitly for removing AI-writing traces — functionally aligned but potentially ethically sensitive. There are code-quality issues: check_chapter_words.py includes an obvious printing bug (a malformed print: 'print(f=" * 60")') that will throw an error and break the 'must' word-check step if run unmodified; some parsing/sorting assumptions (e.g., filenames parsed by numeric prefix) can fail on unexpected filenames.
Install Mechanism
Install spec is a standard pip install of well-known PyPI packages. install-deps.sh creates a virtualenv and installs those packages. No downloads from arbitrary URLs, no archive extraction, and no obscure third-party installers detected in the provided files.
Credentials
The skill declares no required environment variables, no credentials, and no config-path access beyond typical user font and Desktop paths. That is proportional for a local file-parsing / document-generation tool.
Persistence & Privilege
The skill is not marked always:true, does not request persistent elevated privileges, and does not modify other skills' configurations. It operates on local files and a virtualenv; autonomous invocation is allowed by default but is not a special privilege here.
Scan Findings in Context
[pre-scan-none] expected: No regex-based scan findings were reported. That is plausible because the bundle contains only local scripts and no obvious remote-exec strings; however absence of findings is not a substitute for manual review (see code-quality notes).
Assessment
This package appears to do what it says (parse tender files, enforce chapter word counts, merge chapters, and convert Markdown to Word). Before installing or running it: 1) Review the scripts locally and run them inside an isolated environment (create a VM or container) and use the provided install-deps.sh which creates a virtualenv. 2) Fix known code issues first (e.g., check_chapter_words.py has a malformed print statement that will crash the script). 3) Ensure your chapter filenames match the naming convention expected by merge_chapters.py (numeric prefix like '01_...') or adapt the script. 4) Be cautious when following instructions to copy/download SimSun.ttf (font licensing and source trust); prefer obtaining fonts from legitimate sources. 5) The 'humanizer-zh' step intentionally removes AI-writing traces — consider legal/ethical/compliance implications before using it in regulated or audit-sensitive bids. 6) Do not run the tools on sensitive or confidential documents until you've validated behavior on non-sensitive samples. If you want, I can point to the exact lines that need fixes and suggest safe test commands to run in a temporary directory.Like a lobster shell, security has layers — review code before you run it.
automationvk97bqpz58t061jhqma7tn3vaas83aeedbidvk97bqpz58t061jhqma7tn3vaas83aeedhighwayvk97bqpz58t061jhqma7tn3vaas83aeedlatestvk9798etrtvcs26d5zvgk95mkvh84vgmxtechnical-proposalvk97bqpz58t061jhqma7tn3vaas83aeedwaterwayvk97bqpz58t061jhqma7tn3vaas83aeedwordvk97bqpz58t061jhqma7tn3vaas83aeed
License
MIT-0
Free to use, modify, and redistribute. No attribution required.