customer-segment
v1.0.2金融客户分群分析 Skill。当用户上传银行客户数据表格(CSV/Excel)时自动触发,完成客户分层、特征提取和可视化输出。触发场景包括:(1)用户说"分析客户"或"客户分群";(2)上传了包含客户交易、资产、行为等字段的数据文件;(3)需要输出客户分层结果、可视化图表或分群报告。
⭐ 1· 94·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (customer segmentation) match the included SKILL.md, references, and the Python script which implements RFM feature engineering, K-Means clustering, labeling and chart/report output. There are no environment variables, binaries, or network endpoints requested that are unrelated to the stated purpose.
Instruction Scope
Instructions and script operate on uploaded CSV/Excel customer data and produce CSV/PNG/MD outputs (expected). Two points to note: (1) the script primarily reads CSV (pd.read_csv) while SKILL.md promises CSV/Excel support — Excel (.xlsx) handling is not implemented unless the agent wraps read_excel separately; (2) the skill processes sensitive banking data and does not enforce or automate de-identification or access controls — output files include customer IDs and raw metrics, so users should ensure privacy/compliance and secure storage/retention.
Install Mechanism
No install spec (instruction-only skill) — lowest install risk. However, the included Python script requires common data-science packages (pandas, numpy, scikit-learn, matplotlib, seaborn). The skill does not declare or install these dependencies; the runtime environment must provide them. No network downloads or unusual install actions are present.
Credentials
The skill requests no environment variables, credentials, or config paths — appropriate for an offline data-processing task. There are no apparent attempts to access unrelated secrets or systems.
Persistence & Privilege
always is false and the skill is user-invocable (normal). The SKILL.md describes automatic triggering when a user uploads a customer data file — combined with the agent's ability to autonomously invoke skills, this can cause automatic execution on user-provided sensitive data. This is expected behavior for a file-processing skill but worth confirming in your deployment policy.
Assessment
This skill appears to do what it claims: local customer segmentation and charts. Before installing/running it: (1) review the script (scripts/segment.py) yourself — it will read and write files including customer IDs; (2) ensure the runtime has required Python packages (pandas, numpy, scikit-learn, matplotlib, seaborn); (3) confirm Excel support if you expect .xlsx inputs (script currently uses read_csv); (4) enforce privacy/compliance: consider removing or hashing PII (customer_id) or running in a controlled environment, and secure the output directory; (5) if you want to avoid automatic execution on uploads, adjust agent trigger rules or require explicit user confirmation. If you want, I can list the exact python package versions to install or point out the exact lines that write PII to outputs.Like a lobster shell, security has layers — review code before you run it.
latestvk97999h6yrnpe4xwdv57m2y1ed8364wj
License
MIT-0
Free to use, modify, and redistribute. No attribution required.