技能详情(站内镜像,无评论)
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v1.0.0
统计:⭐ 0 · 13 · 0当前安装次数· 0历史安装次数
⭐ 0
安装量(当前) 0
🛡 VirusTotal :挂起 · OpenClaw :可疑
Package:cjboy007/ssa-logistics-manager
安全扫描(ClawHub)
- VirusTotal :挂起
- OpenClaw :可疑
OpenClaw 评估
Skill主要实现物流工具,但包含意外的本地文件系统和子过程行为(硬编码用户路径、动态Python子过程创建和继承环境暴露) ,这些行为未在SKILL.md中声明并增加风险—使用前进行审查。
目的
名称/描述承诺物流功能和OKKI同步。代码实现了这些功能,但OKKI集成依赖于/Users/wilson/.openclaw/...下的硬编码绝对路径,以及调用主机上存在的外部Python脚本/CLI。这些特定于主机的文件系统依赖项和子过程调用未记录在SKILL.md中,并且与简单的“物流经理”描述不成比例。
说明范围
SKILL.md shows running Node.js server/CLI and setting LOGISTICS_API_URL only. It does not mention the need for Python, an OKKI CLI, or that the code will exec local Python scripts, write temporary Python files to /tmp, or read/write data and document directories. The runtime instructions therefore understate the actual scope and grant the skill broad discretion over local files and subprocesses.
安装机制
There is no install spec (instruction-only), so nothing is downloaded at install time — that reduces supply-chain risk. However the packaged code will call 'python3' subprocesses and expects other local code (OKKI CLI/client) at absolute paths. Lack of an install step means those external dependencies are implicit and can fail or cause unexpected behavior on the host.
证书
SKILL.md declares only LOGISTICS_API_URL, but the code invokes subprocesses with env: {...process.env,...} so any environment variables (including secrets) are inherited by child Python processes. The skill does not declare or justify access to credentials or the host filesystem paths it references. That is disproportionate and increases risk of accidental exposure of environment secrets.
持久
always:false (good), but the skill can be invoked autonomously (platform default) and its code executes arbitrary local subprocesses, writes temp scripts to /tmp, and reads/writes host files. Autonomous invocation combined with the above behaviors widens the blast radius; this capability should be considered before enabling autonomous runs.
api/controllers/okki_sync_controller.js:41
检测到Shell命令执行( child_process )。
test/e2e_test.js:75
检测到Shell命令执行( child_process )。
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「后勤经理」。简介:物流管理技能,提供提单生成、报关单据生成、物流跟踪等功能。支持 OKKI 客户数据同步和自动化文档处理。。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/cjboy007/ssa-logistics-manager/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
---
name: logistics
description: 物流管理技能,提供提单生成、报关单据生成、物流跟踪等功能。支持 OKKI 客户数据同步和自动化文档处理。
---
# Logistics Skill - 物流管理
## 功能
- 📄 提单 (Bill of Lading) 生成与管理
- 📋 报关单据自动生成
- 🚚 物流状态跟踪
- 🔄 OKKI 客户数据同步
- 📊 物流数据报表
## 使用方式
### CLI 命令
```bash
# 使用 logistics.sh 快捷脚本
./logistics.sh <command> [args]
# 或直接用 Node.js CLI
node cli/logistics_cli.js <command> [args]
```
### API 端点
```bash
# 启动 API 服务
node api/server.js
```
## 环境变量
复制 `.env.example` 到 `.env` 并配置:
```bash
LOGISTICS_API_URL=http://localhost:3000
```
## 目录结构
```
logistics/
├── api/ # API 服务
├── cli/ # 命令行工具
├── scripts/ # 脚本工具
├── templates/ # 文档模板
├── data/ # 示例数据
├── models/ # 数据模型
└── test/ # 测试文件
```
## 注意事项
- ⚠️ `data/` 目录仅存放示例数据,真实数据应存储在外部
- ⚠️ `output/` 目录为运行时生成,已加入 .gitignore
- ⚠️ 敏感信息请通过环境变量配置