Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

CNC Quote Workflow

v2.0.2

CNC smart quoting Workflow: a closed loop of multi-agent collaboration. From a 24h black box to a 10min white box. Main track Workflow Hacker + secondary track Agent Worker.

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for timo2026/cnc-quote-workflow.

Install the skill "CNC Quote Workflow" (timo2026/cnc-quote-workflow) from ClawHub.
Skill page: https://clawhub.ai/timo2026/cnc-quote-workflow
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install cnc-quote-workflow

ClawHub CLI

npx clawhub@latest install cnc-quote-workflow

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The skill advertises a 3-agent workflow (parser → RAG → meta-cognition) and 10‑minute white‑box quoting, but the code/configuration actively forces a Rule-Only (pure math) fallback in production mode. Several modules the multi-agent flow depends on (case_retriever, risk_control, uniskill-v4) are not bundled; given config.json sets stability.mode='production' the engine's _should_fallback() returns True and the full multi-agent pipeline will be skipped in typical runs. This is an internal inconsistency between claimed capabilities and what will actually run.
Instruction Scope
Runtime instructions are simple (pip install pyyaml; import and run WorkflowEngine). The code reads its local config.json and may insert an absolute path '/home/admin/.openclaw/workspace/skills/uniskill-v4' into sys.path to enable UniSkill optionally. That path insertion would cause the runtime to load local code if present — not inherently malicious but worth noting. There are no network endpoints, no secret reading, and no broad file system reads beyond the skill folder and an optional user path.
Install Mechanism
This is an instruction + code bundle with no install spec; dependencies are minimal (pyyaml). No downloads from external URLs or archive extraction are present. Risk from install mechanism is low.
Credentials
The skill requests no environment variables, no credentials, and no special config paths beyond reading its own config.json and workflow.yaml. The use of an absolute user path for optional UniSkill is a local path access but does not request secrets.
Persistence & Privilege
Skill flags are default (not always:true). It does not attempt to modify other skills or system settings. The code may add a path to sys.path at runtime to load optional components, but it does not persistently change agent config or enable itself across agents.
What to consider before installing
Summary of what to consider before installing/running:

- Capability mismatch: The README/SKILL.md promises a 3-agent, fast workflow, but config.json sets production mode and the engine's logic will trigger Rule-Only fallback (pure rule math) — you will likely not get the advertised multi-agent behavior unless you change config or provide missing modules.
- Missing components: agent2_rag expects case_retriever and risk_control modules and agent3 tries to optionally load UniSkill from an absolute local path; none of those are included. If you enable them, inspect their code before use.
- Optional local path insertion: agent3_meta inserts '/home/admin/.openclaw/workspace/skills/uniskill-v4' into sys.path. If that path exists on your system it could cause the workflow to import and execute local code. Only enable/unpack third-party components you trust.
- Bugs and robustness: There are small code issues (e.g., agent3 references Path without importing it) and version mismatches (config.json v2.0.1 vs skill v2.0.2). Test in an isolated environment first.

Recommendations:

  1. Run this in a sandbox or isolated environment (no sensitive data) to confirm actual behavior.
  2. If you need the multi-agent pipeline, obtain and review the missing modules (case_retriever, risk_control, uniskill-v4) and verify their provenance and code before placing them on the filesystem where the skill can import them.
  3. If you do not want the Rule-Only fallback, edit config.json (stability.mode) and understand the implications; changing it may cause the engine to attempt imports that are currently missing.
  4. Contact the author/maintainer to clarify why production mode forces fallback and to request the missing components or an explanation of intended deployment.

Given these inconsistencies, exercise caution and verify the runtime behavior before trusting this skill for production quoting.
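
The sys.path insertion called out in the scan can be checked mechanically before a skill is installed. The following is an added example, not code from the skill or from ClawHub: it walks a Python file's AST and lists every sys.path.insert/append call, separating absolute string literals from computed arguments that need manual review. SAMPLE is a constructed stand-in modelled on the scan's description of agent3_meta.py, and the function names are hypothetical.

```python
import ast
import posixpath

# Constructed stand-in modelled on the scan's description of agent3_meta.py.
# It is NOT the skill's real source.
SAMPLE = '''
import sys
UNISKILL = "/home/admin/.openclaw/workspace/skills/uniskill-v4"
sys.path.insert(0, "/home/admin/.openclaw/workspace/skills/uniskill-v4")
sys.path.append("vendor")
sys.path.insert(0, UNISKILL)
'''


def find_sys_path_edits(source, filename="<skill>"):
    """Return [(line, method, literal_or_None)] for sys.path.insert/append calls."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Call) or not node.args:
            continue
        func = node.func
        is_sys_path = (
            isinstance(func, ast.Attribute)
            and func.attr in ("insert", "append")
            and isinstance(func.value, ast.Attribute)
            and func.value.attr == "path"
            and isinstance(func.value.value, ast.Name)
            and func.value.value.id == "sys"
        )
        if not is_sys_path:
            continue
        arg = node.args[-1]  # the path is the last positional argument
        is_str = isinstance(arg, ast.Constant) and isinstance(arg.value, str)
        findings.append((node.lineno, func.attr, arg.value if is_str else None))
    return sorted(findings, key=lambda f: f[0])


def triage(findings):
    """Split findings into absolute literals, relative literals, and dynamic args."""
    out = {"absolute": [], "relative": [], "dynamic": []}
    for line, _method, literal in findings:
        if literal is None:
            out["dynamic"].append(line)  # computed path: review by hand
        elif posixpath.isabs(literal):
            out["absolute"].append((line, literal))  # fixed host path
        else:
            out["relative"].append((line, literal))
    return out


if __name__ == "__main__":
    print(triage(find_sys_path_edits(SAMPLE)))
```

The check does not see aliased imports (import sys as s, from sys import path) or sys.path += [...], so an empty result is a reason to read the file, not a clearance.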

Like a lobster shell, security has layers — review code before you run it.

latest: vk97dakg7p4sgfz01yjvg4ny9k183zvg0
94 downloads
0 stars
2 versions
Updated 4w ago
v2.0.2
MIT-0

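🦫 CNC Smart Quoting Workflow

One-sentence story: "A 10-year manufacturing veteran uses the CNC Quote Skill already published on ClawHub plus an OpenClaw Workflow to build a smart-quoting closed loop that goes from a 24h black box to a 10min white box"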


Author information

Item | Details
Author | Timo
Email | miscdd@163.com
Mascot | Beaver - dependable, gets things done, always on form

Competition entry

Item | Value
Main track | Workflow Hacker
Secondary track | Agent Worker
Core Skill | cnc-quote-system
Version | v2.0.2

Workflow architecture

User input
    ↓
┌─────────────────────────────────────┐
│ Agent1: Input parsing               │
│ - Parse material/size/finish/qty    │
│ - Structured query output           │
└─────────────────────────────────────┘
    ↓
┌─────────────────────────────────────┐
│ Agent2: RAG retrieval               │
│ - Case retrieval (historical data)  │
│ - Risk assessment                   │
└─────────────────────────────────────┘
    ↓
┌─────────────────────────────────────┐
│ Agent3: Metacognitive review        │
│ - Self-debate                       │
│ - Industry analysis                 │
│ - Generate white-box quote report   │
└─────────────────────────────────────┘
    ↓
Output: quote report + risk warnings

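Core advantages

Advantage | Description
Speed | 10 minutes (industry average 24h+)
📊 Transparency | White-box quote with a full cost breakdown
🧠 Intelligence | 3 agents collaborating, with self-debate
🏆 Efficiency | 144x efficiency gain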

File structure

cnc-quote-workflow/
├── SKILL.md              # Skill documentation
├── workflow.yaml         # Workflow definition
├── agent1_parser.py      # Agent1: input parsing
├── agent2_rag.py         # Agent2: RAG retrieval
├── agent3_meta.py        # Agent3: metacognitive review
├── workflow_engine.py    # Workflow orchestration engine
├── rule_only.py          # Rule-Only fallback engine
├── config.json           # Configuration file
└── requirements.txt      # Dependency list

Quick start

Install dependencies

pip install pyyaml

Run the Workflow

from workflow_engine import WorkflowEngine

# Create the engine
engine = WorkflowEngine()

# Run a quote
result = engine.execute("铝合金6061,100x50x10mm,表面阳极氧化,10件")

# Generate the report
report = engine.generate_report(result)
print(report)

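Test cases

Input | Unit price | Lead time
Aluminum alloy 6061, 100x50x10mm, anodized, 10 pcs | ¥85.62 | 7 days
Stainless steel 304, 200x100x5mm, chrome plated, 50 pcs | ¥141.05 | 7 days
No. 45 steel, 80x40x8mm, quenched, 1 pc | ¥80.15 | 5 days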

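Industry comparison

Platform type | Average quote time | Transparency | Our advantage
Type A platform | 24h | Black box | 144x efficiency gain
Type B platform | 48h | Black box | 288x efficiency gain
Type C platform | 12h | Semi-transparent | 72x efficiency gain
Our system | 10min | White box | -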

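Metacognition features

Self-debate flow

  1. 🤖 Pro: retrieved X cases, confidence Y%
  2. 🤖 Con: confidence <80%, recommend manual review
  3. ⚖️ Arbitration: auto-approve / conditional approve / manual review required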

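Industrial stability design

Mode | Description
Rule-Only fallback | Pure rule-based calculation, 100% stable
UniSkill optional | Off by default, can be enabled via configuration
Automatic degradation | Automatically switches to fallback mode on failure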

License

MIT License - Copyright (c) 2026 Timo


🦫 Beaver | dependable, gets things done, always on form
