cms-tbs-scene-create

v0.6.9

[skillcode:cms-tbs-scene-create][脚本编排/JSON 契约] 面向 Agent 与自动化的 TBS 训战「场景创建」闭环：tbs-scene-parse → tbs-scene-validate → tbs-scene-create（本地 Python，params-file/草稿...

⭐ 0· 102·0 current·0 all-time

by@spzwin

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for spzwin/cms-tbs-scene-create.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "cms-tbs-scene-create" (spzwin/cms-tbs-scene-create) from ClawHub.
Skill page: https://clawhub.ai/spzwin/cms-tbs-scene-create
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install spzwin/cms-tbs-scene-create

ClawHub CLI

Package manager switcher

npx clawhub@latest install cms-tbs-scene-create

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

medium confidence

✓

Purpose & Capability

The skill name/description (scene parse → validate → create) matches the included scripts and references. The included tbs_client.py, parse/validate/create scripts, and references are all appropriate to implement the stated functionality. The declared dependency on cms-auth-skills (to obtain an access token) aligns with the code requiring an access token at runtime.

ℹ

Instruction Scope

SKILL.md explicitly restricts behavior (require reading references, require explicit user confirmation, require token from cms-auth-skills) and instructs the agent to run the included Python scripts. The scripts read and write draft files (draftPath), perform multi-step parsing/validation, and call the TBS Admin API. This behavior is within the documented purpose, but the instructions rely on correct agent enforcement of confirmation steps; if an agent were to ignore the confirmation constraint, the scripts will perform remote create operations.

✓

Install Mechanism

No install spec is present (instruction-only skill with bundled scripts). Nothing is downloaded from external arbitrary URLs. Code files are bundled in the skill archive, so no additional installer risk is introduced by the registry metadata.

ℹ

Credentials

The skill requests no environment variables in the registry metadata; runtime requires an access token delivered via cms-auth-skills and passed to scripts as a CLI argument (--access-token). That is proportionate to a remote API client. There are no unrelated credentials requested. Ensure cms-auth-skills is trusted and that tokens supplied have least privilege.

ℹ

Persistence & Privilege

The skill is not always-enabled and does not request elevated platform privileges. However, the scripts perform network calls that create/modify remote resources and can write/overwrite local draft files at paths provided via draftPath/--params-file. If an attacker can control the draftPath or the agent auto-invokes the skill without confirmation, it could overwrite local files or create remote records. The SKILL.md mandates explicit confirmation, but platform enforcement should be verified.

Assessment

This skill appears to do what it says (parse → validate → create TBS scenes) and requires an access token from cms-auth-skills before it will call the remote API. Before installing or enabling the skill, consider the following: - Trust and scope of the token: The scripts require an access token passed as --access-token; ensure cms-auth-skills is trustworthy and that the token you provide has minimal permissions necessary for scene creation (avoid long-lived or broadly privileged tokens). - TLS verification disabled: tbs_client.py sets verify=False on requests.request, disabling SSL/TLS certificate verification. This makes network traffic susceptible to man-in-the-middle attacks and can leak tokens. Plan to patch the client (enable verify=True or configure CA) before using in production. - Local file writes / overwrite risk: The scripts read and may write a draftPath file (persist_result will create parent dirs and overwrite). Validate and sanitize any draftPath provided to avoid accidental or malicious overwrites of important files. - Autonomy and confirmation: The SKILL.md requires explicit user confirmation before create. Confirm your platform enforces that policy (i.e., the agent cannot autonomously call the create script without explicit user consent) because the scripts will perform real create operations when invoked. - Error messages / logs: Errors include portions of HTTP response bodies and request payloads; these may contain sensitive data. Ensure logging/STDERR consumers are appropriate and token values are not leaked to public logs. If you plan to use this skill in production, at minimum: (1) fix TLS verification, (2) audit token scope and issuance, (3) ensure the agent/platform enforces the explicit confirmation gating, and (4) review/limit file paths the skill may write to.

Like a lobster shell, security has layers — review code before you run it.

latestvk972vp3rwv8twjwmypbcda9bdh85frdt

102downloads

0stars

7versions

Updated 3h ago

v0.6.9

MIT-0

cms-tbs-scene-create

核心定位

本 Skill 只做一件事：根据用户执行意图，读取对应 references/*.md 与 references/*.json，再执行 scripts/*.py。
参数、边界、分支逻辑都以 references 为准，SKILL.md 只负责入口和流程约束。

与其它技能边界（Intent 防混淆）

维度	cms-tbs-scene-create（本仓库）	门户/存量「TBS训战平台助手」等（示例 ID 由平台配置，非代码真源）
交付形态	可执行脚本 + `references` 契约 JSON；适合 Cursor/Agent/CI	产品内对话与 UI，路由由平台运营配置
识别方式	以 skillcode `cms-tbs-scene-create`、已声明依赖、工具绑定为准	以平台侧技能 ID / 别名配置为准
重叠口令	「创建 TBS 场景」等自然语言不足以唯一路由；须配置优先级或显式让用户选技能	同上，由平台解决互斥与优先级
与已下架 `tbs-scenario-builder`	本 skill 为对齐 TBS Admin 的独立实现；验收对照见 `workspace/skills/tbs-scenario-builder-acceptance`，不承诺逐文件迁移旧私有仓库

平台侧建议：为「脚本链落库」与「门户对话助手」配置不同触发词或显式入口；避免两技能共用同一模糊触发语且无优先级。

强制前置

真实创建前须经 cms-auth-skills 取 token，并以 --access-token 注入 tbs-scene-create.py。细则见 references/auth.md。

标准执行流程（必须遵循）

识别用户是“执行动作”还是“纯咨询”。
若是纯咨询：先提供说明性答复，并明确询问是否进入创建执行；在用户未明确要求执行前，不进入脚本调用链路。若用户从咨询改口同意执行：下一轮进入真实创建前必须先完成 cms-auth-skills 取 token（失败则不得调用 tbs-scene-create.py），见 references/auth.md「执行分支预检」。
若是执行动作：先定位目标脚本。
先读取 references/auth.md，确保 access-token 与 --base-url 环境一致（未读不得进入真实创建链路）。
再读取该脚本对应的 references/*.md（及本阶段要求的 references/*.json），未读不得执行。
按文档组装参数并执行 python3 scripts/<name>.py。
如一轮调用多个脚本，每个脚本的 reference 都要先读再执行。

内部编排与门禁（要点）

环节	看什么
通用	`success` / `error`
parse	`stage`、`missingFields`、`parseMeta`、`userOutputTemplate`；拒补丁时 `patch_fields_locked` + `rejectedFields`
validate	`validationReport.scope`（`FULL`\|`TBV`）、`passed`、`blockingIssues`、`warningIssues`；TBV 另有 `tbvReport`；FULL 时另有 `userOutputTemplate.doctorOnlyContextCanon` / `doctorOnlyContextDiagnostics`、`createAgentHints`、`preCreateBlockedReminder`
草稿 `meta`	`lastFullValidationPassed`、`lastTbvPassed`（validate 写入；create 与入参 `meta` 合并）
create	`userConfirmation` + 上表校验与 `meta` 组合；结果里 `sceneId` 等

串联：parse →（可选 S3）→ validate → create。success=true 不等于可进下一步。

门禁细则（唯一真源）：

parse 门禁与补丁锁：references/tbs-scene-parse.md
validate 门禁（FULL/TBV、issue 分桶、自动收敛）：references/tbs-scene-validate.md
create 门禁（确认态、validationReport + meta 组合、展示与自校验）：references/tbs-scene-create.md
用户可见回显与拦截规则：references/common-params.md

执行原则：

先按脚本返回字段判定能否推进（不要凭 success=true 直接推进）。
失败（非用户取消）先处理 error，再重试或回退阶段。

用户可见回复

话术模板与阶段开场：references/common-params.md。
禁止播报读文档/跑脚本等内部过程；不向用户贴 JSON。
拦截、校验失败转写、收口：一律见 references/common-params.md（本节不重复）。

常用命令与必读文档

建议先读：references/README.md（总索引与推荐阅读顺序）。

脚本	必读 reference	用途
`tbs-scene-parse.py`	`references/tbs-scene-parse.md`	分阶段确认与门禁编排
`tbs-scene-validate.py`	`references/tbs-scene-validate.md`	创建前程序校验
`tbs-scene-create.py`	`references/tbs-scene-create.md`	用户确认后真实创建

补充：

自然语言骨架提取：references/base-info-parse.md + references/scene.schema.json（仅使用基础信息字段子集）
场景正文生成：references/scenario-json-parse.md + references/scenario-json-parse.model.schema.json
复杂编排示例：references/agent-patterns.md

测试示例（推荐）

示例 1：先做基础信息分阶段解析

# 第一步：先读 references/base-info-parse.md
# 第二步：按 references/scene.schema.json（基础信息字段子集）提取骨架并写入 payload.json
# 第三步：执行 parse，判断当前阶段
python3 scripts/tbs-scene-parse.py --params-file payload.json

示例 2：校验（全量 / PATCH 后轻量）

# 先读 references/tbs-scene-validate.md
python3 scripts/tbs-scene-validate.py --params-file draft.json
python3 scripts/tbs-scene-validate.py --params-file draft.json --scope tbv

示例 3：用户确认创建后真实落库

# 第一步：先读 references/tbs-scene-create.md
# --access-token 传入 cms-auth-skills 返回的真实 token；勿使用尖括号占位字面量
python3 scripts/tbs-scene-create.py \
  --params-file draft.json \
  --access-token "$ACCESS_TOKEN"

反向示例（不要这样做）

未获取 access-token 就直接执行 scripts/tbs-scene-create.py。
没读对应 references/*.md 就起调脚本。
未经过 tbs-scene-validate.py 就直接进入创建。
用户还没明确回复“确认创建”，就直接调用 /scene/createScene。
主数据精确匹配到多条时，擅自猜测业务领域、科室或品种。
用户明确“产品知识暂无 / 不提供资料”后，仍重复追问证据状态或强推知识主题。
基础信息确认阶段私自扩展结构化字段（如“关键决策者/利好背景/场景氛围”）并向用户展示，导致确认清单超出脚本门禁字段。
产品知识与资料确认阶段把问题拆成多轮反复追问（应优先引导用户一次性回复：主题 + 证据状态 + 证据来源）。

错误处理与通用参数

通用错误格式、--params-file 用法、输入文件规则请查看 references/common-params.md。

目录结构

cms-tbs-scene-create/
├── SKILL.md
├── version.json
├── scripts/
│   ├── README.md
│   ├── tbs_client.py
│   ├── tbs_md_sanitize.py
│   ├── tbs-scene-parse.py
│   ├── tbs-scene-validate.py
│   └── tbs-scene-create.py
└── references/
    ├── README.md
    ├── auth.md
    ├── base-info-parse.md
    ├── tbs-scene-parse.md
    ├── tbs-scene-validate.md
    ├── tbs-scene-create.md
    ├── scenario-json-parse.md
    ├── common-params.md
    ├── agent-patterns.md
    ├── maintenance.md
    ├── scenario-json-parse.model.schema.json
    └── scene.schema.json

Comments

Loading comments...