Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

After-sales Service

v1.0.0

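After-sales management skill providing customer complaint management, repeat-order quoting, satisfaction surveys, analytics reports, and OKKI CRM sync.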

by Jaden's built a claw @cjboy007

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for cjboy007/ssa-after-sales.

Install the skill "After-sales Service" (cjboy007/ssa-after-sales) from ClawHub.
Skill page: https://clawhub.ai/cjboy007/ssa-after-sales
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

openclaw skills install ssa-after-sales

ClawHub CLI

npx clawhub@latest install ssa-after-sales

Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
Name/description (after-sales management, OKKI CRM sync, analytics reports) match the code: CLI, analytics model, and OKKI sync controller are present. However the registry metadata lists no required binaries or env vars while the code and SKILL.md clearly expect Node.js and python3 as runtime dependencies and optional OKKI_* environment variables. This mismatch is an incoherence to flag (the binaries/envs are reasonable for the stated purpose, but they should be declared).
Instruction Scope
SKILL.md instructs running the CLI or a shell wrapper and to copy .env.example to .env; the code follows those flows. The OKKI sync controller executes external Python scripts (okki_cli.py / okki_client.py) and also writes temporary Python files to /tmp and executes them. Those behaviors are consistent with performing OKKI client integration, but they expand the runtime surface (file writes, child process execution). Also .env.example referenced in docs is not present in the manifest — another minor mismatch to verify.
Install Mechanism
There is no install spec (instruction-only) which is low risk, but package.json and package-lock.json are included without an install step declared. The code expects Node.js and uses external Python scripts; lack of an explicit install entry or declared runtime in registry metadata is inconsistent. No remote downloads or obscure URLs are present in the provided files.
Credentials
The skill does not request secrets or unrelated cloud credentials. It uses environment variables OKKI_WORKSPACE_PATH, OKKI_CLI_PATH, OKKI_CLIENT_PATH to locate OKKI client code — these are proportional to the OKKI sync feature. However the registry's requires.env is empty while the SKILL.md and code rely on these optional env vars; this should be documented before install. No other unrelated secrets are requested.
Persistence & Privilege
always:false and user-invocable:true. The skill writes runtime data to a local data/ directory and creates temporary files under /tmp for Python fallbacks; it does not request permanent platform privileges or modify other skills. These file writes are within scope but should be considered when running on shared hosts.
What to consider before installing
This skill appears to implement the advertised after-sales and OKKI sync features, but you should take these precautions before installing or running it:

  • Runtime requirements: The code expects Node.js and python3 on PATH, plus local OKKI client scripts (okki_cli.py / okki_client.py) reachable via OKKI_* env vars. The registry metadata did not declare these — ensure you have Node and python3 and set OKKI_WORKSPACE_PATH / OKKI_CLI_PATH / OKKI_CLIENT_PATH to trusted locations.
  • Review OKKI client code: The skill executes those Python scripts and, as a fallback, writes and runs a temporary Python script in /tmp. Verify the okki_cli.py / okki_client.py files (and any code in the referenced xiaoman-okki workspace) are from a trustworthy source before allowing the skill to run, since they will run as processes on your host.
  • Temporary file writes and execution: The controller writes a temp .py file to /tmp and executes it. If you run this on a shared or production host, prefer an isolated environment (container/VM) and avoid using production credentials until you confirm behavior.
  • Missing .env.example and metadata gaps: SKILL.md tells you to copy .env.example but that file wasn't found in the manifest; confirm configuration steps with the author. Also the skill does not declare required envs/binaries formally — assume they are required and validate before use.
  • Sanity-check data flows: The sync uses content assembled from complaint data and passes it to the OKKI client. While arguments are passed to execFile (not a shell), check that business data cannot cause malformed Python code in the fallback path (there are some string interpolation and quoting choices in the temp script that could break or behave unexpectedly).

If you are not able to audit the OKKI client code or do not want to run external Python code on your host, run the skill in a sandboxed environment or decline installation.
api/controllers/okki_sync_controller.js:42
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

latest vk974naspc7dx32cee4ywr8ad7x83qtcb
85 downloads
0 stars
1 version
Updated 1mo ago
v1.0.0
MIT-0

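After-Sales Skill - After-sales Management

Features

  • ⚠️ Customer complaint management (create / track / resolve)
  • 🔄 Repeat-order quote management
  • 📊 Satisfaction surveys
  • 📈 Analytics reports (complaint statistics / customer risk analysis)
  • 🔄 OKKI CRM sync (automatically creates after-sales follow-up records)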

Usage

CLI Commands

# Use the after_sales.sh shortcut script
./after_sales.sh <module> <command> [options]

# Or call the Node.js CLI directly
node cli/after_sales_cli.js <module> <command> [options]

Common Commands

# Complaint management
./after_sales.sh complaint list
./after_sales.sh complaint create -n '客户名' -t quality -d '问题描述'
./after_sales.sh complaint get CMP-xxx

# Repeat-order quotes
./after_sales.sh repeat-order list
./after_sales.sh repeat-order create -n '客户名' -R 50000

# Satisfaction surveys
./after_sales.sh satisfaction list
./after_sales.sh satisfaction stats

# Analytics reports
./after_sales.sh analytics summary
./after_sales.sh analytics risk

# OKKI sync
./after_sales.sh okki sync-complaint CMP-xxx
./after_sales.sh okki logs

Environment Variables

Copy .env.example to .env and configure:

# OKKI path configuration (optional; relative paths are used by default)
OKKI_WORKSPACE_PATH=/path/to/xiaoman-okki
OKKI_CLI_PATH=/path/to/okki_cli.py
OKKI_CLIENT_PATH=/path/to/okki_client.py

Directory Structure

after-sales/
├── api/           # API service
├── cli/           # Command-line tools
├── scripts/       # Script utilities
├── models/        # Data models
├── data/          # Data files (generated at runtime)
└── test/          # Test files

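OKKI Integration

  • Automatically syncs complaint / repeat-order records to OKKI CRM
  • Uses trail_type=107 (after-sales follow-up)
  • Supports matching by customer ID or name
  • Sync logs are persisted to data/okki_sync_logs/

Notes

  • ⚠️ The data/ directory holds runtime data and is listed in .gitignore
  • ⚠️ Configure sensitive information through environment variables
  • ⚠️ OKKI paths can be overridden by environment variables; relative paths are used by default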
