📦 Ai Intelligent Budget Management — 智能预算管控
v1.0.0基于AI的企业预算编制、执行跟踪与智能预警,实时洞察超支风险,提升财务决策效率。
0· 220·1 当前·1 累计
by 下载技能包
最后更新
2026/4/21
安全扫描
OpenClaw
可疑
medium confidenceNULL
评估建议
This skill appears to describe a legitimate budget-management app, but it does not include code and instructs you (or an agent) to git clone and run a remote repository. Before installing or executing anything: verify the GitHub repository (owner, commits, README, issues), review the repository source code for data exfiltration or unsafe actions, run it in a sandboxed environment (isolated VM/container), require explicit configuration for any DB credentials (do not reuse production secrets), and...详细分析 ▾
ℹ 用途与能力
Name/description, features, and tech stack (Python/FastAPI + PostgreSQL) are coherent for a budget-management tool. However, the skill package contains no code or binaries and instructs the user/agent to git clone a repository rather than providing the code; skill.json author differs from the SKILL.md claimed author/team, and the registry 'source' and 'homepage' are missing — a modest inconsistency.
⚠ 指令范围
SKILL.md explicitly instructs running shell commands to 'git clone' an external GitHub repo and 'python app.py'. For an instruction-only skill, asking the agent to fetch and execute external code expands scope beyond what is shipped and could result in executing arbitrary third-party code. The instructions also reference PostgreSQL (implying credentials/config), but the skill does not declare how those are provided.
⚠ 安装机制
There is no formal install spec in the skill metadata; instead the README-like SKILL.md tells users/agents to download from a GitHub repo. Downloading and executing remote code is higher-risk than an instruction-only skill that stays local. The GitHub host is a known release host (lower risk than arbitrary URLs), but the repo is not included in the package and its trustworthiness is unknown.
ℹ 凭证需求
The skill declares no required environment variables or credentials, which is consistent with a readme-only listing. However, the app requires PostgreSQL and likely needs DB credentials and configuration in practice — the instructions do not declare or justify how credentials will be supplied, creating a gap between stated requirements and operational needs.
✓ 持久化与权限
The skill does not request 'always: true' and has default invocation privileges. That said, an agent following the provided instructions could autonomously clone and run external code; this is a usage risk but not an elevated privilege request in the skill metadata itself.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/3/18
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install ai-intelligent-budget-management
镜像加速npx clawhub@latest install ai-intelligent-budget-management --registry https://cn.longxiaskill.com