Geo Push Policy
v1.0.0管理事件推送策略,包括冷却期、观察池、推送次数限制、事件状态跟踪和频率限制保护。
⭐ 0· 67·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description, SKILL.md and the included Python module all describe push-policy logic (cooldowns, watch pool, dead-letter queue, push counts). Nothing in the manifest or shown code requests unrelated capabilities (no AWS, no broad system access).
Instruction Scope
Runtime instructions are narrowly scoped to loading/saving a state file, evaluating events, updating caches and handling a dead-letter queue. The SKILL.md examples show passing a send function (e.g., send_to_feishu) rather than embedding secret access. The skill does not instruct the agent to read arbitrary system files or exfiltrate data.
Install Mechanism
There is no install spec and no external downloads; the skill is delivered as source code + instructions, which is the lowest-risk installation model. An optional dependency 'geo_push_ops' is documented but not required by the core logic.
Credentials
The skill declares no required environment variables or credentials. The SKILL.md example references sending to Feishu (which would require credentials in a real deployment), but the skill itself does not ask for or access credentials — responsibility to supply/send is left to the integrator.
Persistence & Privilege
always:false and user-invocable:true (default). The code reads/writes its own state file via AppState.load/save; it does not attempt to modify other skills or global agent configuration. Autonomous invocation is allowed by platform default but is not excessive on its own.
Assessment
This skill appears coherent for managing push/cooldown/watch-pool logic and does not, as presented, request credentials or install external code. Before installing: (1) review the full geo_push_policy.py file (the provided preview was truncated) to confirm there are no hidden network calls or credential usages; (2) if you wire in a send function (e.g., send_to_feishu), ensure API tokens are stored securely and only provided when needed; (3) choose a safe STATE_FILE path and limit file permissions so the skill only writes to its own directory; (4) if you plan to run the skill autonomously, test it in an isolated environment first and confirm the optional dependency 'geo_push_ops' comes from a trusted source. If you want, I can scan the remainder of the file for network operations or secrets usage — provide the complete geo_push_policy.py content.Like a lobster shell, security has layers — review code before you run it.
latestvk97b3y5drpb872b1bx92qa14t183p2er
License
MIT-0
Free to use, modify, and redistribute. No attribution required.