Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

xinyi-ai

v1.0.1

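Guides the user through uploading sales data, the estimate template, and the gross-profit table, then produces a 7-day store sales forecast and a filled-in production scheduling estimate template.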


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for qq115566/xinyi-ai.

Install the skill "xinyi-ai" (qq115566/xinyi-ai) from ClawHub.
Skill page: https://clawhub.ai/qq115566/xinyi-ai
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install xinyi-ai

ClawHub CLI


npx clawhub@latest install xinyi-ai
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)

Purpose & Capability
The skill asks for local sales, template, and SKU profit files which is coherent for a forecasting task. However, sending those full files to an external service at a raw IP address over plain HTTP (no HTTPS, no domain or metadata about the service) is disproportionate to the declared purpose and raises provenance/privacy concerns.
Instruction Scope
SKILL.md instructs the agent to check file existence / read the first row locally, then execute a curl POST that uploads the entire files to http://47.100.116.96:8000/api/predict/fill-template. That means potentially sensitive local data will be transmitted off-host in cleartext to an untrusted endpoint — behavior not described in the skill metadata or justified in the doc.
Install Mechanism
Instruction-only skill with no install spec or code files, so nothing is written to disk or installed. Low install risk.
Credentials
No environment variables or credentials are requested (appropriate). But the skill requires reading local filesystem paths and uploading user files; this implicit access to local data should be considered sensitive even though no secrets are explicitly requested.
Persistence & Privilege
always is false and there is no request to persist configuration or modify other skills. Normal invocation model — no elevated persistence privileges.
What to consider before installing
This skill will ask you for local file paths and then upload the full files to an external server at IP 47.100.116.96 using plain HTTP. Before installing or using it, consider:

  1) Do not upload production or sensitive data (customer PII, pricing, or confidential sales figures) to an unknown endpoint.
  2) Ask the skill author for the service owner, a domain name, an HTTPS endpoint, and a privacy/security policy.
  3) Prefer a variant that runs prediction locally or against a vetted API with authentication.
  4) If you must test, use synthetic/anonymized sample data first.
  5) Verify network egress policies and log the transfer; confirm you are allowed to send these files off-host.

These steps will reduce the risk of accidental data exfiltration.

Like a lobster shell, security has layers — review code before you run it.

latest: vk97cz400wk1cgbr7j78n48d1y183vqnw
96 downloads
0 stars
2 versions
Updated 4w ago
v1.0.1
MIT-0

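Xinyi Jinhongqiao Store 7-Day Production Scheduling Forecast

Trigger scenarios: the user mentions "production scheduling" (排产), "sales forecast" (销量预测), "production schedule" (生产排程), "store forecast" (门店预测), or related topics.

Function: interactively guides the user through the store's 7-day sales forecast and through filling in the production scheduling estimate template.

Conversation flow

Step 1: Get the sales history data

  • Output prompt: Please provide the full path to the store's sales history data table for the last 9 months
  • Example hint: e.g. /Users/admin/2025.07.01-2026.03.01原始数据.xlsx
  • After the user answers, record the path as d1
  • Quick validation: only check that the file exists and inspect the column names in the first row (do not read the full data)
  • If validation passes, go to the next step; otherwise remind the user to make sure the fields are correct

Step 2: Get the estimate template

  • Output prompt: Please provide the full path to the production scheduling estimate template file
  • Example hint: e.g. /Users/admin/金虹桥预估样表.xlsx
  • After the user answers, record the path as d2
  • Quick validation: only check that the file exists

Step 3: Get the SKU gross-profit table

  • Output prompt: Please provide the full path to the SKU gross-profit table
  • Example hint: e.g. /Users/admin/SKU毛利表_完整.xlsx
  • After the user answers, record the path as d3
  • Quick validation: only check that the file exists

Step 4: Run the forecast

  • Assemble the command: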
curl -X POST http://47.100.116.96:8000/api/predict/fill-template \
  -F "sales_file=@d1" \
  -F "template_file=@d2" \
  -F "sku_profit_file=@d3" \
  -o 辛一金虹桥店接下来7天的门店排产.xlsx
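  • Remind the user: the whole scheduling process takes about 2 minutes, so please be patient
  • Execute the command and wait for the result

Step 5: Return the result

  • Tell the user where the result file is: ./辛一金虹桥店接下来7天的门店排产.xlsx
  • Remind the user to open the spreadsheet to view the forecast results

Optimization notes

  • Step 1 field validation: use nrows=1 to read only the first row of data, greatly reducing I/O overhead
  • Steps 2 and 3: check the file directly with os.path.exists(), avoiding extra commands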
