技能详情(站内镜像,无评论)
作者:AIpoch @AIPOCH-AI
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v0.1.1
统计:⭐ 0 · 37 · 0 current installs · 0 all-time installs
⭐ 0
安装量(当前) 0
🛡 VirusTotal :良性 · OpenClaw :可疑
Package:aipoch-ai/grant-budget-justification
安全扫描(ClawHub)
- VirusTotal :良性
- OpenClaw :可疑
OpenClaw 评估
The skill's purpose (generate budget justifications) is plausible and the included script is simple and mostly safe, but the SKILL.md CLI parameters do not match the shipped script and the code lacks input-file parsing and path validation — these inconsistencies and missing safety checks warrant caution.
目的
The stated purpose (generate NIH/NSF budget justifications) matches the provided Python script's behavior (demo-mode generation of personnel/equipment/supplies/travel justification). There are no unexpected network, credential, or system-level requirements. However, the SKILL.md documents many CLI parameters (--input / -i, --justification-type, --format, --agency) that are not implemented in scripts/main.py, indicating a metadata/code mismatch.
说明范围
SKILL.md describes input files and many parameters; the actual script only supports --demo, and accepts --personnel and --equipment flags but never reads JSON files — it prints a message telling the user to provide files but doesn't implement parsing. The script writes an output file path directly with open(..., 'w') without validating the path (no check for ../ traversal or workspace confinement). This mismatch and lack of input validation ar…
安装机制
No install spec (instruction-only plus a small Python script). Nothing is downloaded or installed; risk from install mechanism is low.
证书
The skill requests no environment variables, no credentials, and no config paths. That is proportionate to the stated purpose.
持久
The skill is not always-enabled and does not request elevated platform privileges. Its only persistence behavior is writing an output file (default budget_justification.txt) which is expected for this functionality, though path validation is missing.
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「Grant Budget Justification」。简介:Generate narrative budget justifications for NIH/NSF applications。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/aipoch-ai/grant-budget-justification/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
---
name: grant-budget-justification
description: Generate narrative budget justifications for NIH/NSF applications
version: 1.0.0
category: Grant
tags: []
author: AIPOCH
license: MIT
status: Draft
risk_level: Medium
skill_type: Tool/Script
owner: AIPOCH
reviewer: ''
last_updated: '2026-02-06'
---
# Grant Budget Justification
Narrative budget explanations for grant proposals.
## Use Cases
- Equipment purchases
- Personnel costs
- Supplies and reagents
- Travel and dissemination
## Parameters
| Parameter | Type | Default | Required | Description |
|-----------|------|---------|----------|-------------|
| `--input`, `-i` | string | - | Yes | Path to budget items file (JSON/CSV) |
| `--justification-type` | string | - | Yes | Type of justification (Equipment, Personnel, Other) |
| `--agency` | string | NIH | No | Funding agency (NIH, NSF) |
| `--output`, `-o` | string | stdout | No | Output file path |
| `--format` | string | text | No | Output format (text, markdown, docx) |
## Returns
- Narrative justification text
- Cost-benefit rationale
- Compliance with agency requirements
## Example
Input: $50,000 for mass spectrometer
Output: Justification emphasizing essentiality and cost-sharing
## Risk Assessment
| Risk Indicator | Assessment | Level |
|----------------|------------|-------|
| Code Execution | Python/R scripts executed locally | Medium |
| Network Access | No external API calls | Low |
| File System Access | Read input files, write output files | Medium |
| Instruction Tampering | Standard prompt guidelines | Low |
| Data Exposure | Output files saved to workspace | Low |
## Security Checklist
- [ ] No hardcoded credentials or API keys
- [ ] No unauthorized file system access (../)
- [ ] Output does not expose sensitive information
- [ ] Prompt injection protections in place
- [ ] Input file paths validated (no ../ traversal)
- [ ] Output directory restricted to workspace
- [ ] Script execution in sandboxed environment
- [ ] Error messages sanitized (no stack traces exposed)
- [ ] Dependencies audited
## Prerequisites
No additional Python packages required.
## Evaluation Criteria
### Success Metrics
- [ ] Successfully executes main functionality
- [ ] Output meets quality standards
- [ ] Handles edge cases gracefully
- [ ] Performance is acceptable
### Test Cases
1. **Basic Functionality**: Standard input → Expected output
2. **Edge Case**: Invalid input → Graceful error handling
3. **Performance**: Large dataset → Acceptable processing time
## Lifecycle Status
- **Current Stage**: Draft
- **Next Review Date**: 2026-03-06
- **Known Issues**: None
- **Planned Improvements**:
- Performance optimization
- Additional feature support