ClawHub

元宝派主动推送

v2.1.1

主动向元宝派(Yuanbao Pai)群聊和私聊发送消息和文件。独立于 OpenClaw 插件通道,通过 WebSocket 协议直接推送,适用于 cron 定时任务、跨 session 通知等场景。

0· 148·0 current·0 all-time
byLuhui WANG@luhuiwang
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Yuanbao proactive push) match the implementation: send.py implements WebSocket auth, message encoding, and optional COS upload; required binary (python3) and Python packages (websocket-client, cos-python-sdk-v5) are appropriate for the stated functionality.
Instruction Scope
SKILL.md instructs the agent to read ~/.openclaw/openclaw.json for channels.yuanbao (appKey/appSecret), obtain a sign token from the official Yuanbao endpoint, optionally upload to COS, then send via WebSocket — these steps are within the stated scope and are explicitly documented with warnings about conflicts.
Install Mechanism
No install spec (instruction-only runtime) — the package includes a send.py script that runs under python3; required third-party Python packages are listed. There is no remote download/execute or obscure install URL; user must ensure dependencies are pip-installed.
Credentials
No environment variables are requested. The script reads ~/.openclaw/openclaw.json to obtain channels.yuanbao.appKey and appSecret — this is necessary for operation, but that config file may contain other channel credentials; the code only uses the yuanbao fields and transmits credentials only to the official bot.yuanbao.tencent.com endpoints for signing and upload.
Persistence & Privilege
Skill does not request persistent/autostart privileges (always:false). It does not modify other skills or system-wide agent settings; WebSocket connections are temporary per send.
Assessment
This skill appears to do what it says: it reads your local OpenClaw config (~/.openclaw/openclaw.json) for Yuanbao appKey/appSecret, contacts Yuanbao endpoints to obtain temporary tokens, optionally uploads files to Tencent COS, and sends messages over a WebSocket. Before installing or running: (1) review ~/.openclaw/openclaw.json to confirm it contains only expected values and that you are comfortable giving the skill access to the Yuanbao bot credentials; (2) be aware this script will temporarily connect with the same bot_id used by the official plugin and can conflict with the running plugin (the README warns about kicks); (3) install required Python packages in an isolated environment (venv) to avoid dependency issues; (4) if you need stronger assurance, inspect the remaining parts of send.py (upload logic was truncated in the provided view) to confirm uploads and network calls are only to the documented endpoints. If you do not control the Yuanbao bot credentials or you don't want a script to read your OpenClaw config, do not install/run this skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dw6rgdgvqehk985pcdf9r9s83nyq6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspython3

Comments