Biaoshu Writer
v5.3.1标书撰写器 v5.3.0 - 投标技术标文档自动生成工具。支持解析 txt/pdf/docx/xlsx 招标文件,生成符合评分标准的技术标 Word 文档。适用:技术标编写、交通工程(高速/航道)投标。
⭐ 1· 173·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (自动生成技术标 Word 文档 from txt/pdf/docx/xlsx) align with declared Python dependencies (python-docx, pdfplumber, openpyxl, PyPDF2) and with the provided scripts (parsing, word conversion, word-count checking, font check). No unrelated binaries, credentials, or config paths are requested.
Instruction Scope
SKILL.md instructs parsing bid files, generating chapter drafts, running a chapter-word checker, 'humanizer-zh' to remove AI traces, and converting to DOCX — all within the stated purpose. The 'humanizer-zh' module explicitly aims to remove AI-generation fingerprints (a legitimate feature for producing human-like text but one that could be used to evade detection); this is a functional/design note rather than an incoherence. Workflow references user-specific paths (~/ and /Users/owen/Desktop/) and assumes manual review steps (Owen 审核), which is reasonable. No instructions try to read unrelated system credentials or network-exfiltrate data.
Install Mechanism
Install uses pip to install standard Python packages from PyPI — an expected mechanism for a Python-based tool. No downloads from unknown domains, no archive extraction from arbitrary URLs, and install scripts create a local virtualenv. Risk level is typical for pip installs.
Credentials
The skill requires no environment variables, credentials, or elevated config paths. Requests for a specific font (SimSun.ttf) are for formatting and are reasonable for producing correctly-styled documents; the scripts only advise copying/downloading the font and checking its presence locally.
Persistence & Privilege
Skill is not marked always:true and does not request persistent or cross-skill configuration changes. Normal autonomous invocation is allowed (platform default) but is not combined with broad credentials or other suspicious privileges.
Assessment
This skill appears to do what it says: parse bid documents and produce formatted technical-bid Word files. Before installing, consider the following: 1) Run the provided install-deps.sh in a dedicated virtualenv as recommended; inspect and run the scripts locally rather than blindly enabling autonomous runs. 2) The repo includes a 'humanizer-zh' guide to remove AI writing traces — this matches the stated workflow but could be used to mask AI origin; ensure you comply with any legal/ethical obligations for submission documents. 3) There is a minor coding bug in scripts/check_chapter_words.py (an invalid print statement: print(f=" * 60") ) that will raise an exception at runtime — review/fix before relying on it. 4) The tool asks you to install SimSun.ttf (font) manually; confirm licensing for any font you download. 5) No credentials or network exfiltration were found, but test the tool with non-sensitive sample files first and audit network activity if you will process confidential bid documents.Like a lobster shell, security has layers — review code before you run it.
automationvk97bqpz58t061jhqma7tn3vaas83aeedbidvk97bqpz58t061jhqma7tn3vaas83aeedhighwayvk97bqpz58t061jhqma7tn3vaas83aeedlatestvk97fctyk2rw3r6csg1hwkv1k7x841wjetechnical-proposalvk97bqpz58t061jhqma7tn3vaas83aeedwaterwayvk97bqpz58t061jhqma7tn3vaas83aeedwordvk97bqpz58t061jhqma7tn3vaas83aeed
License
MIT-0
Free to use, modify, and redistribute. No attribution required.