Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Skill Quotation Engine

v1.0.1

Smart quotation engine: automatically generates a quotation from the equipment list and labor hours


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for zimuge-doudou/skill-quotation-engine.

Install the skill "Skill Quotation Engine" (zimuge-doudou/skill-quotation-engine) from ClawHub.
Skill page: https://clawhub.ai/zimuge-doudou/skill-quotation-engine
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install skill-quotation-engine

ClawHub CLI


npx clawhub@latest install skill-quotation-engine
Security Scan
VirusTotal
Benign
OpenClaw
Suspicious
high confidence
Purpose & Capability
The name/description (Smart Quotation Engine: generates quotations) align with the included code: QuotationEngine.generate computes costs and returns a quotation. However there are minor mismatches: SKILL.md example calls engine.export_pdf(...) but the implementation only provides export_json and summary. Also __init__.py declares __version__ = "2.0" while registry metadata/version in SKILL.md is 1.0/1.0.1 — small packaging/documentation inconsistencies.
Instruction Scope
SKILL.md instructs usage that includes export_pdf, which does not exist in the code — following the doc will cause errors. Otherwise runtime instructions are limited to importing the class and calling methods; the code only performs local computation and file read/write (export_json). The skill does not access network, other files, or environment variables beyond reading/writing JSON files provided by the user.
Install Mechanism
No install spec is provided (instruction-only install). The bundle does include Python source files that will be present if the skill is installed, but there is no download-from-URL or third-party package installation. This is low-risk from an install perspective.
Credentials
The skill requests no environment variables, no credentials, and no config paths. The implementation does not attempt to read environment variables or external secrets — all inputs come from the provided show_data dict or user-supplied JSON file.
Persistence & Privilege
always is false and the skill does not modify other skills or system-wide settings. It performs only local file writes (export_json) to paths the caller specifies. No elevated persistence or privilege escalation behavior observed.
What to consider before installing
This skill appears to implement a legitimate quoting calculator and does not request network access or credentials, but the documentation and packaging have small inconsistencies you should address before use. Specifically: (1) SKILL.md shows export_pdf(...) but the code only implements export_json and summary — calling export_pdf will fail; either request the author to provide the PDF export or update the docs, or implement your own PDF export wrapper. (2) Version strings differ between the package and metadata — verify you have the intended release. (3) The skill reads a user-supplied JSON and writes files to disk; run it in a sandbox or with limited file permissions until you’re comfortable. (4) Review and test with sample data to ensure outputs meet your expectations. If you need guarantees about no network calls or added behavior, request the author confirm there are no hidden features (or inspect any future updates) before deploying in production.

Like a lobster shell, security has layers — review code before you run it.

latest vk976b4r5wgt4s8pgkj005pzjv184r6gg
85 downloads
0 stars
1 version
Updated 2w ago
v1.0.1
MIT-0

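Smart Quotation Engine

I. Overview

Automatically calculates and generates a quotation from a show project's equipment list, labor hours, transport costs, and similar inputs.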

II. Usage Example

from skill_quotation_engine import QuotationEngine
engine = QuotationEngine()
quote = engine.generate(show_data, labor_rate=500, transport_rate=2.0)
engine.export_pdf(quote, "quote.pdf")

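III. Quotation Components

  1. Equipment rental fee: equipment unit price × days
  2. Labor fee: technicians × labor hours × rate
  3. Transport fee: distance × rate
  4. Insurance fee: total equipment value × insurance rate
  5. Management fee: subtotal × management fee rate

Version: v1.0 | Created: 2026-04-10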
