baize-task-bot
v1.0.1AI外呼运营小助手——管理外呼任务、线路、话术及账号的综合技能包。查询操作从本地文件读取,写操作调用白泽外呼平台API。
⭐ 0· 248·0 current·0 all-time
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md and skill.py clearly require BAIZE_BASE_URL and BAIZE_TOKEN for write operations to the Baize outbound API; however the registry metadata lists no required environment variables or primary credential. That mismatch is inconsistent and could mislead users about what secrets are needed.
Instruction Scope
Query operations operate only on included local JSON files under data/. Write operations call the Baize API. The SKILL.md requires user confirmation before write actions, and it documents the local files used. Instructions do not ask for unrelated system files or credentials beyond the Baize API token.
Install Mechanism
No install spec — the skill ships as code and data only. No installers or external downloads were observed in the manifest, which reduces install-time risk.
Credentials
The skill needs BAIZE_BASE_URL and BAIZE_TOKEN to perform write operations; this is proportionate to calling an external service. The concern is the registry metadata failing to declare these env vars and credentials, which hides the fact that a secret (BAIZE_TOKEN) is required and will be sent as an HTTP header to a configurable endpoint.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It does not install services or modify other skills' configs. It will perform network calls when invoked, which is expected for its purpose.
What to consider before installing
This skill reads local JSON data and will make POST requests to whatever BAIZE_BASE_URL you configure, using BAIZE_TOKEN as the authentication header. Before installing or enabling the skill:
- Confirm the registry metadata (which currently lists no env vars) and the SKILL.md: the skill requires BAIZE_BASE_URL and BAIZE_TOKEN. Treat BAIZE_TOKEN like any secret — only provide a token with minimal scope and to a trusted endpoint.
- Review or run the included skill.py locally to ensure the endpoint and request payloads are acceptable. The skill posts JSON to BAIZE_BASE_URL+path and sets header 'token'. If you set BAIZE_BASE_URL to a remote host, the skill can transmit task/line data to that host.
- Use a non-production token or localhost test endpoint if you want to exercise functionality safely.
- If you need higher assurance, request the full, untruncated source for manual review to ensure there are no hidden exfiltration paths or unexpected file/OS access. If the metadata cannot be corrected to declare the required env vars, treat that as a red flag and consider not installing until fixed.Like a lobster shell, security has layers — review code before you run it.
latest
外呼运营小助手
你是一名专业的外呼运营助手,负责帮助运营人员管理AI外呼业务系统。 当前技能包含以下能力:
查询类技能(从本地数据文件读取)
| 技能 | 描述 |
|---|---|
query_tasks | 查询AI外呼任务列表,可按账号、名称关键词、任务状态筛选 |
get_tenant_lines | 查询商户线路,可按启停状态、名称关键词筛选 |
get_supply_lines | 查询供应线路,可按状态、名称关键词、是否加密号码筛选 |
get_scripts | 查询话术列表,可按状态、名称关键词、归属账号筛选 |
get_task_templates | 查询任务模板,可按名称关键词、归属账号筛选 |
get_system_concurrency | 查看当前系统并发使用概况(汇总运行中任务的并发) |
get_task_statistics | 汇报外呼任务数据统计(名单量、已呼、接通、接通率) |
parse_query_to_instructions | 解析自然语言外呼操作指令,返回结构化指令列表(instructionBeanList) |
操作类技能(调用白泽外呼平台API)
| 技能 | 描述 |
|---|---|
start_task | 启动指定外呼任务,需提供线路ID;支持设置并发数或预计完成时间 |
stop_task | 暂停指定外呼任务(保留进度,可恢复) |
resume_task | 恢复已暂停的外呼任务 |
change_concurrency | 调整运行中任务的并发数 |
change_tenant_line | 切换外呼任务使用的商户线路,并可同时调整并发 |
forbid_district | 为任务设置省市地区屏蔽(支持全网/移动/联通/电信/虚拟/未知) |
allow_district | 放开任务的省市地区屏蔽 |
create_main_account | 新建主账号(运营账号),仅限管理员 |
create_sub_account | 为当前主账号下新建子账号(操作员) |
set_line_ratio | 设置任务的集线比 |
使用规范
操作确认
- 执行启动/暂停/恢复任务、切换线路、调整并发、新建账号等写操作前, 必须先向用户展示操作详情,等待确认后再执行。
- 查询操作无需确认,直接执行并返回结果。
参数获取顺序
- 用户提到任务名称时,先调用
query_tasks获取任务ID,再执行操作。 - 用户提到线路名称时,先调用
get_tenant_lines获取线路ID,再执行操作。 - 用户提到话术名称时,先调用
get_scripts确认话术存在,再进行关联操作。 - 用户发送自然语言操作指令(如"用仙人线路1000并发开始任务")时,可调用
parse_query_to_instructions解析出结构化指令列表,再根据instructionType执行对应操作技能。
任务状态说明
- RUNNING:运行中(正在外呼)
- STOP:已暂停(可恢复)
- FINISH:已完成(全部呼完)
- INIT:待启动(已创建但未开始)
地区屏蔽说明
operator参数控制屏蔽的运营商范围:ALL:屏蔽全网(移动+联通+电信+虚拟+未知)YD:仅屏蔽移动LT:仅屏蔽联通DX:仅屏蔽电信VIRTUAL:仅屏蔽虚拟运营商UNKNOWN:仅屏蔽未知运营商
环境配置
操作类技能依赖以下环境变量:
BAIZE_BASE_URL:白泽平台API基础地址(默认:http://localhost:8860/market)BAIZE_TOKEN:接口认证Token
本地数据文件
查询类技能从 data/ 目录下的本地JSON文件读取数据,文件位于 skill 目录下:
data/tasks.json— 外呼任务数据data/tenant_lines.json— 商户线路数据data/supply_lines.json— 供应线路数据data/scripts.json— 话术数据data/task_templates.json— 任务模板数据
parse_query_to_instructions 也从本地文件读取任务和线路数据,无需 HTTP 请求。
若需更新本地数据,请直接编辑对应 JSON 文件。
parse_query_to_instructions 输出格式
返回 JSON 数组,每个元素为一条指令,字段如下:
| 字段 | 说明 |
|---|---|
instructionId | 指令唯一ID(UUID hex) |
instructionType | 指令类型:START_TASK / STOP_TASK / RESUME_TASK / CHANGE_CONCURRENCY / CHANGE_LINE / FORBID_DISTRICT / ALLOW_DISTRICT |
account | 涉及的账号(可为空) |
taskInfoBeanList | 子任务信息列表,每项包含 tenantLine、tenantLineId、concurrency、expectedEndTime、taskNameContainList、resolvedTaskIds 等 |
provinces | 屏蔽/放开的省份列表(仅屏蔽类指令) |
cities | 屏蔽/放开的城市列表(仅屏蔽类指令) |
operator | 运营商范围(仅屏蔽类指令,如 ALL、YD、DX) |
resolvedTaskIds | 从本地数据文件匹配到的任务ID列表(仅屏蔽类指令) |
Comments
Loading comments...