ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Issue Analysis Agent

v1.0.0

自动分析客服问题Excel,生成含趋势对比的周报,支持HTML可视化、多图表展示及自动告警并上传公网链接。

0· 61·1 current·1 all-time
by@davidunderwood7970

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for davidunderwood7970/issue-analysis-agent.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Issue Analysis Agent" (davidunderwood7970/issue-analysis-agent) from ClawHub.
Skill page: https://clawhub.ai/davidunderwood7970/issue-analysis-agent
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install issue-analysis-agent

ClawHub CLI

Package manager switcher

npx clawhub@latest install issue-analysis-agent
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
技能名与代码、文档和运行说明一致:读取 Excel、统计、生成 HTML 报表并上传到 COS。需要的 Python 库(openpyxl、qcloud_cos、requests)也与功能相符。唯一不一致之处是 registry 元数据声明“无需环境变量/凭据”,但代码依赖 COS 配置。
!
Instruction Scope
SKILL.md 明确指导运行分析、生成报告并把 HTML 上传到 COS(公网)。运行说明和分步脚本会把本地生成的报表上传到一个远程公共 COS 链接——这意味着任意运行该流程的本地文件能被发送到外部存储。说明没有要求用户明确提供凭据,而代码实际使用内置 config.json/常量的凭据。
Install Mechanism
这是 instruction-plus-scripts 包,没有下载/执行来自不可信 URL 的二进制,依赖用 pip/npm 安装(openpyxl, qcloud_cos, chart.js),安装方式与用途相称,没有高风险的外部二进制下载步骤。
!
Credentials
注册表声明不需要环境变量/凭据,但 repository 包含 config.json 与 upload_cos.py 内硬编码的 SECRET_ID/SECRET_KEY (看起来像腾讯 COS 凭据)。这既是敏感凭据泄露,也是不一致的设计:技能会向第三方存储上传数据并包含凭据,且没有列出这些为 required.env。硬编码密钥和公开的 bucket/url 放大了数据外传与凭据滥用风险。
Persistence & Privilege
没有设置 always:true,技能不会强制常驻或修改其他技能配置。脚本会在本地创建输出文件和上传到 COS,但没有迹象显示修改系统级配置或其他技能的凭据。
What to consider before installing
What to consider before installing or running this skill: - Hardcoded cloud credentials: The package includes config.json and upload_cos.py that contain explicit SECRET_ID / SECRET_KEY values and a specific COS bucket (claw-1301484442). This is a serious red flag — the skill will perform network uploads using those credentials. Treat those keys as sensitive (rotate/revoke if they are real) and do not assume they are placeholders. - Data exfiltration risk: Running the full workflow (weekly_report.py or upload_cos.py) will upload generated HTML reports — potentially containing sensitive customer data — to a public COS URL. If you run this on real data, it will be posted to that external bucket unless you change the target. - Inconsistency with metadata: The skill metadata lists no required environment variables, but the code relies on embedded credentials. Prefer skills that require the operator to provide their own credentials via environment variables or an explicit configuration step instead of shipping with keys. - Recommended safe steps before use: 1. Inspect the repository locally and search for SECRET_ID / SECRET_KEY / AKID* strings. Do not run scripts before removing or replacing keys. 2. Replace hardcoded credentials: remove credentials from config.json and upload_cos.py; require the user to supply credentials via environment variables or a secure vault. Ensure the code reads credentials from env vars rather than using defaults. 3. Point uploads to your own cloud account/bucket (and use least privilege keys for upload only), or disable auto-upload entirely until reviewed. 4. Run the analysis components (analyze.py, generate_report.py) in an isolated environment first and keep generated artifacts local until you confirm upload behavior. 5. If the embedded keys are valid, consider them compromised: rotate/revoke them with the owner (if known). 6. If you need to trust this skill, ask the publisher to remove embedded secrets, document credential handling, and require explicit user-provided credentials in SKILL.md/metadata. - Additional information that would change this assessment: confirmation that the keys in config.json are deliberate placeholders (not valid credentials) and that the skill was updated to require user-supplied credentials (via env vars) or to disable auto-upload by default. If the bucket and keys are intentionally provided for a controlled internal environment and documented, risk is lower but the current packaging is still poor practice. Bottom line: the skill appears to do what it claims, but the presence of hardcoded cloud credentials and automatic public upload behavior make it suspicious and risky to run on real data without code/configuration changes and credential handling fixes.

Like a lobster shell, security has layers — review code before you run it.

latestvk975cce7zxc9hn5d0sg3efb4bh84qpzn
61downloads
0stars
1versions
Updated 2w ago
v1.0.0
MIT-0
@davidunderwood7970
latest
Download

📊 客服问题周报技能

技能名称: issue-analysis-agent
版本: v2.0.0
作者: 老六 🥷
创建时间: 2026-03-23
更新时间: 2026-03-23

📋 技能描述

自动化分析客服问题收集表(Excel),生成可视化分析报告,支持每周数据更新和趋势对比。

团队协作模式

  • 🐛 找茬 - 数据分析(读取 Excel、统计分析、未解问题人统计)
  • 🎨 画师 - 报告生成(HTML 可视化、图表绘制、COS 上传)

🎯 核心功能

  1. 数据读取 - 自动解析 Excel 文件,识别字段
  2. 统计分析 - 问题总数、解决率、趋势分析
  3. TOP5 排行 - 反馈人、解决人、未解问题人等
  4. 可视化报告 - HTML 交互式报告(Chart.js,8 个图表)
  5. COS 上传 - 自动生成公网访问链接
  6. 周报对比 - 与上周数据对比,分析趋势
  7. 自动告警 - 解决率<80%、单周>50 个等阈值告警

📥 输入

  • 文件格式: .xlsx Excel 文件
  • 必需字段:
    • 问题描述
    • 提交日期/所属周
    • 所属平台
    • 问题模块
    • 反馈人
    • 解决者
    • 解决状态(已解决/待解决等)
    • 问题类型(Bug/咨询/需求等)

📤 输出

  1. 结构化数据 - analysis_data_latest.json
  2. 文字总结 - analysis_summary.md
  3. 可视化报告 - report_cn_latest.html(HTML 交互式,8 个图表)
  4. COS 链接 - 公网访问地址

🚀 使用方法

方式 1:完整流程(推荐)

cd /Users/master.yu/.openclaw/workspace/skills/issue-analysis-agent
python3 weekly_report.py /path/to/issue_data.xlsx

方式 2:分步执行

# 步骤 1: 分析数据(找茬 🐛)
python3 analyze.py /path/to/issue_data.xlsx

# 步骤 2: 生成报告(画师 🎨)
python3 generate_report.py analysis_data_latest.json report_cn.html

# 步骤 3: 上传 COS(画师 🎨)
python3 upload_cos.py report_cn.html reports/issue_analysis/report_cn_latest.html

方式 3:Agent 调用

任务:分析本周客服问题数据
技能:issue-analysis-agent
输入:issue_data_week_12.xlsx
输出:可视化报告 + COS 链接

📊 报告内容

8 大图表

  1. 📈 每周新增问题趋势(折线图)
  2. 🏷️ 问题类型分布(饼图)
  3. 💻 平台问题分布 TOP5(横向柱状图)
  4. 👤 反馈人 TOP5(柱状图)
  5. ✅ 解决人 TOP5(柱状图)
  6. ⚠️ 未解问题人 TOP5(柱状图)- 解决者中未解决问题最多的
  7. ⚠️ 未解决问题模块 TOP10(表格)

核心指标

  • 问题总数
  • 已解决数/解决率
  • 未解决数
  • 环比变化

自动告警

  • 🔴 解决率 <80%
  • 🔴 单周新增 >50 个
  • 🟡 Bug 占比 >60%
  • 🟡 卖家端占比 >60%

🔄 每周更新流程

固定流程(每周一)

  1. 接收数据 (10:00)

    • 用户上传最新 Excel 文件
    • 保存到 issue_data_week_XX.xlsx

  2. 数据分析 (10:00-10:30) 🐛 找茬

    • 读取 Excel
    • 统计分析
    • 对比上周

  3. 生成报告 (10:30-11:00) 🎨 画师

    • HTML 报告生成
    • 图表绘制
    • 数据验证

  4. 上传 COS (11:00-11:10) 🎨 画师

    • 上传文件
    • 设置权限
    • 生成链接

  5. 推送通知 (11:10-11:20)

    • 发送报告链接
    • 关键发现摘要
    • 预警信息

  6. 归档历史 (11:20-11:30)

    • 保存本周报告
    • 更新索引
    • 清理临时文件

📁 文件结构

issue-analysis-agent/
├── SKILL.md              # 技能说明
├── README.md             # 使用说明
├── config.json           # 配置项
├── weekly_report.py      # 主流程脚本
├── analyze.py            # 数据分析(找茬 🐛)
├── generate_report.py    # 报告生成(画师 🎨)
├── upload_cos.py         # COS 上传(画师 🎨)
├── output/               # 输出目录
│   ├── analysis_data.json
│   ├── analysis_summary.md
│   └── report_cn.html
└── reports/              # 历史报告归档
    ├── week_10/
    ├── week_11/
    └── week_12/

🛠️ 技术依赖

# Python 依赖
pip3 install openpyxl qcloud_cos

# Node.js 依赖(可选)
npm install chart.js

📝 更新日志

v2.0.0 (2026-03-23)

  • ✅ 团队协作模式(找茬 + 画师)
  • ✅ 新增未解问题人 TOP5 统计
  • ✅ 修复字段名不匹配问题
  • ✅ 优化 COS 上传响应头
  • ✅ 自动告警功能

v1.0.0 (2026-03-23)

  • ✅ 初始版本
  • ✅ Excel 数据读取
  • ✅ 统计分析
  • ✅ HTML 报告生成
  • ✅ COS 上传

📞 负责人

  • 技能开发: 老六 🥷
  • 数据分析: 找茬 🐛
  • 报告制作: 画师 🎨
  • 技能维护: 客服 📞

最后更新:2026-03-23

Comments

Loading comments...