ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

达鑫车队加气记录

v1.0.1

达鑫车队加气记录录入技能。触发指令:「加气汇总」。当用户提供加气原始信息(日期、车牌、站点、升数、单价、金额、公里数)时,自动生成加气记录汇总表和扣卡记录。触发场景:输入加气记录、录入加气数据、车队加气录入、扣卡记录生成。

0· 119·0 current·0 all-time
by@v31981

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for v31981/refuel-record.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "达鑫车队加气记录" (v31981/refuel-record) from ClawHub.
Skill page: https://clawhub.ai/v31981/refuel-record
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install refuel-record

ClawHub CLI

Package manager switcher

npx clawhub@latest install refuel-record
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name and description (加气记录录入、生成汇总与扣卡记录) align with the instructions to parse inputs and produce CSVs. It does not request credentials or external tools, which is proportionate. However, the SKILL.md hardcodes an absolute Windows path (C:\Users\35794\Desktop) for outputs and requires continuing the last serial number ("延续上次最大序号") without specifying where prior data is stored — this mismatch is odd and worth questioning.
!
Instruction Scope
Runtime instructions explicitly direct writing output files to a specific user's Desktop and describe behaviors that imply reading or merging previous records (continuing serial numbers, merging duplicate info) but do not state where or how to find prior files. Several rules (merging multiples, determining last serial) grant the agent open-ended judgment without concrete, constrained steps. Hardcoded paths and vague file-read behavior increase the risk of unintended file access or modification.
Install Mechanism
No install spec and no code files — instruction-only skill. This is low-risk from an installation/execution perspective because nothing is downloaded or installed by the skill itself.
Credentials
The skill requests no environment variables, credentials, or config paths (good). Nevertheless, the instructions assume access to a specific filesystem location (C:\Users\35794\Desktop) without declaring it; requiring access to a particular user path is disproportionate and brittle, especially across different OSes or users.
Persistence & Privilege
always:false and no persistent installation. The skill will create files on the host if run, which is expected for a data-entry tool. The concern is the hard-coded Desktop target and implied reading/modification of prior files — not elevated platform privileges but potential unwanted file writes/reads.
What to consider before installing
Plain-language points to consider before installing: - This skill appears to do what it says (parse refuel entries and create CSVs), but the instructions will write files to a hard-coded Windows Desktop path (C:\Users\35794\Desktop). Confirm you are comfortable with the agent creating files there or ask the author to make the output path configurable or dynamically use the current user's Desktop. - The SKILL.md says to "continue the last serial number" and to merge duplicate entries but does not say where to read previous records. Ask the developer to clarify whether the agent will read existing CSVs, which files it will open, and to require explicit user consent before reading/modifying existing files. - Because outputs contain identifiable information (license plates, mileage), consider privacy: ensure CSVs are stored in an expected, secure location and that you are okay with the agent handling that personal data. - Best practices: test the skill with dummy data first, require the skill to prompt before writing or overwriting files, and prefer a relative or user-resolved path (e.g., %USERPROFILE%\Desktop or a user-chosen folder) rather than a hard-coded path. - If the developer cannot clarify where prior data is read from or refuses to parameterize the output path, treat the skill with caution (do not run it on sensitive data or in an environment where unintended file access would be problematic).

Like a lobster shell, security has layers — review code before you run it.

latestvk972xdwvym82ahrkwkr2wrdbr5838fxt
119downloads
0stars
2versions
Updated 1mo ago
v1.0.1
MIT-0
@v31981
latest
Download

达鑫车队 - 加气记录录入

工作目录

所有输出文件保存到:C:\Users\35794\Desktop

输出文件

  • 加气汇总_YYYY-MM-DD.csv — 包含加气总表 + 扣卡子表的汇总文件

输入格式(用户给原始信息)

日期 车牌 站点 升数×单价=金额 [扣卡/现金] [公里数]

数据处理流程

第一步:判断扣卡/现金

  • 站点名称含「扣卡」→ 扣卡标记
  • 站点名称含「现金」或无标注 → 现金标记

第二步:生成加气总表

字段顺序(9列):

序号,加油日期,车牌号码,里程,加油站,加油量(L),单价,金额,扣卡标记

第三步:从加气记录中提取扣卡记录

条件:扣卡标记 = 「扣卡」

第四步:生成扣卡子表(两段)

收入段(7列):

日期,项目点,项目目标,项目明细,标记,摘要,收入金额,支出金额
微信,和卫光,垫付+站点,,收+车牌+站点+加气费+算式+元已扣+站点充值卡,金额,0

支出段(7列):

日期,项目点,项目目标,项目明细,标记,摘要,收入金额,支出金额
微信,车牌号,加气,,付+车牌+站点+加气费+算式+元已扣+站点充值卡,0,金额

关键规则

  • 序号:延续上次最大序号,连续编号不重复
  • 公里数:无数据填「1」
  • 站点:站点名称含「扣卡」字样(如「沙县扣卡」「九江扣卡」)
  • 同一站点多条记录:每条独立成行
  • 同一信息多条加油:合并为一条记录,升数相加
  • 摘要算式:使用「*」作为乘号,如 225*5.85=1316.25
  • 扣卡记录:严格区分收入(和卫光垫付)和支出(司机加气),各占一半

Comments

Loading comments...