ClawHub

Bazhuayu Rpa Webhook

八爪鱼 RPA Webhook 调用工具 - 通过 Webhook 触发 RPA 任务运行,支持自定义参数传递

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 161 · 2 current installs · 2 all-time installs
by李飞RPA@blogwebsem
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Octoparse RPA Webhook) aligns with requested resources: python3 and two environment variables (BAZHUAYU_WEBHOOK_URL, BAZHUAYU_WEBHOOK_KEY). No unrelated cloud credentials or unrelated binaries are requested.
Instruction Scope
SKILL.md and accompanying docs instruct the agent/user to set environment variables, run helper scripts, and call the Python program — all consistent with triggering a webhook. Two things to note: (1) several documents and quickstart examples show appending export lines into ~/.bashrc (echo 'export ...' >> ~/.bashrc), which persists the key in a shell config file on disk (this is expected but has persistence implications); (2) examples show integrating via subprocess to call the local script, which is normal for this use case. The skill also provides secure-check and scripts that claim not to auto-modify shell configs.
Install Mechanism
No external download/install spec is present; the package is an instruction + local scripts bundle. There are no installs from untrusted URLs or extracted archives. Files are included in the skill (python script and helper shell scripts), so risk is limited to reviewing and running those local scripts.
Credentials
Only BAZHUAYU_WEBHOOK_URL and BAZHUAYU_WEBHOOK_KEY are required (primaryEnv is the key). Optional BAZHUAYU_PARAM_* variables are for defaults. The requested environment variables are proportionate to a webhook-triggering tool; no extra unrelated secrets are requested.
Persistence & Privilege
Skill is not always-enabled and does not request elevated platform privileges. Scripts intentionally avoid automatically modifying user shell config per CHANGES notes. The skill writes/reads its own config.json and log files under its directory — expected behavior for a local tool.
Assessment
This skill appears to do what it says: trigger an RPA webhook using a signing key. Before installing or running scripts: 1) Inspect setup-secure.sh, migrate-to-env.sh and bazhuayu-webhook.py yourself to confirm they do not perform unexpected actions. 2) Prefer setting the signing key in your session or a secure OS-level secret store rather than permanently appending it to ~/.bashrc (the docs show both; adding it to shell config stores the key on disk in plaintext). 3) Run python3 bazhuayu-webhook.py secure-check and test to verify behavior and file permissions (config.json, logs) are 600 as claimed. 4) Do not commit config.json or any exported secrets to git; verify .gitignore includes migrations/.env files. 5) Confirm the webhook URL host is legitimate (rpa.bazhuayu.com or your enterprise endpoint) before sending real payloads and consider rotating the key after initial testing. If you want extra assurance, run the tool in an isolated account or container and inspect network traffic to confirm target endpoints.

Like a lobster shell, security has layers — review code before you run it.

Current versionv2.0.5
Download zip
latestvk975pcme5pbpy6qz2e2nsms02s82nhmf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🐙 Clawdis
Binspython3
EnvBAZHUAYU_WEBHOOK_URL, BAZHUAYU_WEBHOOK_KEY
Primary envBAZHUAYU_WEBHOOK_KEY

SKILL.md

八爪鱼 RPA Webhook 调用技能 (Bug 修复版 v2.0.6)

通过 Webhook 触发八爪鱼 RPA 任务运行,支持自定义参数传递。

⚠️ 使用前必读

本技能需要配置以下环境变量才能运行:

变量名说明是否必需
BAZHUAYU_WEBHOOK_URL八爪鱼 RPA Webhook 地址必需
BAZHUAYU_WEBHOOK_KEY签名密钥必需

配置方式(二选一):

  1. 推荐:手动添加到 shell 配置文件 (~/.bashrc~/.zshrc)
  2. 临时:在当前终端会话中使用 export 命令

详见下方「🔧 快速配置」章节。

🔐 安全特性 (v2.0 新增)

  • 环境变量支持 - 敏感信息使用环境变量存储 (优先级高于配置文件)
  • 文件权限保护 - 配置文件自动设置为 600 (仅所有者可读写)
  • 日志脱敏 - 输出自动隐藏敏感信息
  • 安全检查 - secure-check 命令帮助发现潜在风险
  • 一键配置 - setup-secure.sh 快速安全配置
  • 迁移工具 - migrate-to-env.sh 从旧配置迁移

📦 安装

方式一:从 ClawHub 安装

clawhub install bazhuayu-webhook

方式二:手动复制

# 复制 skill 目录
cp -r ~/.openclaw/workspace/skills/bazhuayu-webhook /你的路径/

# 进入目录
cd /你的路径/bazhuayu-webhook

🚀 快速配置

方式一:运行配置向导(推荐)

./setup-secure.sh

按提示输入 Webhook URL 和签名密钥,脚本会:

  • 生成环境变量配置示例
  • 更新 config.json(密钥留空,从环境变量读取)
  • 不会自动修改你的 shell 配置文件

配置完成后,请手动将 export 命令添加到 ~/.bashrc~/.zshrc

方式二:手动配置环境变量

编辑 ~/.bashrc~/.zshrc,添加:

export BAZHUAYU_WEBHOOK_URL="你的 Webhook URL"
export BAZHUAYU_WEBHOOK_KEY="你的签名密钥"

然后执行:

source ~/.bashrc  # 或 source ~/.zshrc

方式三:临时配置(仅当前终端会话)

export BAZHUAYU_WEBHOOK_URL="你的 Webhook URL"
export BAZHUAYU_WEBHOOK_KEY="你的签名密钥"

验证配置

python3 bazhuayu-webhook.py secure-check

🔧 使用方法

运行任务(使用默认参数)

python3 bazhuayu-webhook.py run

运行任务(指定参数值)

python3 bazhuayu-webhook.py run --A=新值 --B=新值

测试模式(不实际发送)

python3 bazhuayu-webhook.py test

查看配置

python3 bazhuayu-webhook.py config

安全检查 ⭐

python3 bazhuayu-webhook.py secure-check

📝 配置文件

config.json - 存储 Webhook URL、参数配置(v2.0 起密钥建议使用环境变量

{
  "url": "Webhook 地址",
  "key": "",
  "paramNames": ["A", "B"],
  "defaultParams": {"A": "默认值 A", "B": "默认值 B"},
  "security": {
    "keyFromEnv": true,
    "version": "2.0"
  }
}

环境变量

变量名说明是否必需优先级
BAZHUAYU_WEBHOOK_URLWebhook URL必需高于配置文件
BAZHUAYU_WEBHOOK_KEY签名密钥必需高于配置文件
BAZHUAYU_PARAM_*参数默认值可选高于配置文件

如何设置环境变量:

  1. 永久生效(推荐):添加到 ~/.bashrc~/.zshrc

    export BAZHUAYU_WEBHOOK_URL="你的 URL"
export BAZHUAYU_WEBHOOK_KEY="你的密钥"

  2. 临时生效(仅当前终端):

    export BAZHUAYU_WEBHOOK_URL="你的 URL"
export BAZHUAYU_WEBHOOK_KEY="你的密钥"

🔐 签名算法

string_to_sign = timestamp + "\n" + key
sign = Base64(HmacSHA256(string_to_sign, message=""))

本工具已自动处理签名计算,无需手动操作。

📤 返回结果

成功响应(HTTP 200)

{
  "enterpriseId": "企业 ID",
  "flowId": "应用 ID",
  "flowProcessNo": "运行批次号"
}

失败响应(HTTP 400)

{
  "code": "错误码",
  "description": "错误描述"
}

常见错误:

  • SignatureVerificationFailureOrTimestampExpired - 签名错误或时间戳过期
  • 检查系统时间是否准确
  • 检查 Key 是否正确

📁 文件结构

bazhuayu-webhook/
├── README.md              # 使用说明
├── QUICKSTART.md          # 5 分钟快速配置指南 ⭐
├── SECURITY.md            # 安全指南
├── MANUAL.md              # 详细使用手册
├── SKILL.md               # 本文件
├── bazhuayu-webhook.py    # 主程序 (安全增强版 v2.0)
├── setup-secure.sh        # 一键安全配置脚本 ⭐
├── migrate-to-env.sh      # 迁移到环境变量脚本
├── config.json            # 配置文件 (敏感,已加入.gitignore)
├── config.example.json    # 配置模板
└── .gitignore             # Git 忽略规则

📚 文档

  • 快速开始: QUICKSTART.md - 5 分钟完成配置
  • 详细手册: MANUAL.md - 完整使用指南
  • 安全指南: SECURITY.md - 安全最佳实践

🆘 常见问题

Q: 如何配置环境变量?

A:

  1. 编辑 ~/.bashrc~/.zshrc
  2. 添加 export BAZHUAYU_WEBHOOK_URL="..."export BAZHUAYU_WEBHOOK_KEY="..."
  3. 运行 source ~/.bashrcsource ~/.zshrc 使配置生效
  4. 运行 python3 bazhuayu-webhook.py secure-check 验证

Q: 签名验证失败?

A:

  1. 检查系统时间是否准确
  2. 检查 Key 是否正确(使用环境变量推荐)
  3. 运行 secure-check 检查配置

Q: 如何迁移旧配置?

A: 运行 ./migrate-to-env.sh 迁移到环境变量模式,然后手动将生成的 export 命令添加到 shell 配置

Q: 参数未设置值?

A: 检查 config.json 中的参数名是否与 RPA 应用中的变量名完全一致

Q: 环境变量不生效?

A:

  1. 确认已执行 source ~/.bashrcsource ~/.zshrc
  2. 运行 echo $BAZHUAYU_WEBHOOK_KEY 检查是否已设置
  3. 如使用新终端,需重新执行 source 命令

📞 技术支持

📋 版本历史

版本日期更新内容
2.0.42026-03-08📸 新增图文教程 - Webhook 设置步骤详解,包含截图示例
2.0.32026-03-08🏷️ 名称优化 - 添加 RPA 关键词便于搜索和发现
2.0.22026-03-08🔐 日志安全修复 - 新增日志权限自动修复、完善 SKILL.md 元数据环境变量声明
2.0.12026-03-08🔧 安全优化 - 修复环境变量元数据、移除脚本自动修改 shell 配置、新增手动配置指南
2.0.02026-03-07🔐 安全增强版 - 新增环境变量支持、安全检查、配置脚本
1.0.12026-03-07🎉 初始公开发布
1.0.0-初始版本(内部迭代)

📄 许可证

MIT License

Files

24 total
Select a file
Select a file to preview.

Comments

Loading comments…