Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Follow-up Engine (CRM Automation)

v1.0.0

Automated customer follow-up scheduling and execution engine for B2B sales. Generates personalized follow-up email drafts based on customer stage, last conta...

0 stars · 92 downloads · 1 current · 1 all-time
by Jaden's built a claw (@cjboy007)

Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (CRM follow-up automation) aligns with the included scripts and config (scheduler, OKKI integration, follow-up rules). However metadata claims 'no required env vars' and 'no required binaries', while SKILL.md and the code expect an OKKI CLI path and Discord credentials—this is a mismatch that should have been declared in the registry metadata.
Instruction Scope
Runtime instructions and the scripts read and write local filesystem paths (drafts/, logs/), create cron entries (SKILL.md shows example cron lines), call an external OKKI CLI (python3 okki.py), and post notifications to Discord. The SKILL.md explicitly references environment variables (OKKI_CLI_PATH, DISCORD_BOT_TOKEN, DISCORD_CHANNEL_ID) that are not declared in the skill metadata. The scheduler includes a simulated OKKI scan for examples, but okki-integration.js actually executes the external CLI—so the skill will invoke external networked systems when run.
Install Mechanism
There is no install spec (instruction-only), which is lower platform install risk, but the package includes multiple code files (JS scripts, configs, tests). Because code is bundled, installing the skill adds executable scripts to the workspace; the absence of an explicit install step means the user must trust the bundled code. No third-party downloads are performed by the skill itself.
Credentials
The SKILL.md and the code expect several environment/config values (OKKI_CLI_PATH, optional OKKI_SYNC_RECORD_FILE, DISCORD_BOT_TOKEN, DISCORD_CHANNEL_ID) even though the registry lists no required env vars or primary credential. Requesting a Discord bot token and a path to an external CLI are plausible for the stated purpose, but they must be explicitly declared and minimized. The skill also reads/writes files under tmp and workspace areas and writes a sync record to the OS temp dir—these are typical but should be documented and consented to.
Persistence & Privilege
The skill does not set always: true and does not request special platform privileges. It writes files into its own workspace (drafts/, logs/) and a sync record under the OS temp directory, which is acceptable for its function. There is no code in the bundle that modifies other skills' configs or system-wide agent settings.
What to consider before installing
Key things to consider before installing or running this skill:

  • Metadata mismatch: The skill package metadata claims no required env vars, but SKILL.md and the scripts require OKKI_CLI_PATH, DISCORD_BOT_TOKEN, and DISCORD_CHANNEL_ID. Treat that as an attention point and ask the maintainer to update the manifest before trusting it.
  • Review the bundled code first: The skill includes executable scripts (follow-up-scheduler.js and okki-integration.js) that will read/write drafts/ and logs/, and invoke an external OKKI CLI using python3. Inspect okki.py (or whatever CLI OKKI_CLI_PATH points at) before running to ensure it is trusted and makes only the expected CRM API calls.
  • Least privilege for credentials: If you provide a DISCORD_BOT_TOKEN or any OKKI credentials, create scoped, limited tokens and consider a bot account with only the permission it needs on the one notification channel. Avoid highly privileged service tokens unless necessary.
  • Run in dry-run / isolated environment first: Use the --dry-run options and run on a test workspace to verify behavior. Monitor network calls and filesystem changes. Consider running in a sandbox or container, especially if OKKI_CLI_PATH points to an unreviewed script.
  • Sanitize logs and storage: The code logs and stores drafts locally and in tmp; verify that logs are properly redacted for PII and that file permissions meet your security requirements.
  • Ask the maintainer for clarity: Request an updated registry manifest that lists required environment variables and precise privileges, and a link to the OKKI CLI implementation (source or official release). If the skill cannot provide these, treat it as higher risk.
Patterns worth reviewing

These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

  • scripts/okki-integration.js:70: Shell command execution detected (child_process).


Latest version: vk97dj9r4gqtj7q4be6p4w32n3h83prrv
92 downloads · 0 stars · 1 version · Updated 3w ago · v1.0.0 · MIT-0

Follow-up Engine - OpenClaw Skill Definition

Skill description

An automated rule engine for following up on customer inquiries. Based on configured time triggers and condition checks, it generates follow-up email drafts and syncs them to OKKI CRM.


Triggers

Scheduled trigger (cron)

# Run the check every 30 minutes
*/30 * * * * cd $WORKSPACE/skills/follow-up-engine && node scripts/follow-up-scheduler.js --mode auto >> /tmp/follow-up-scheduler.log 2>&1

# Run the OKKI sync every hour
0 * * * * cd $WORKSPACE/skills/follow-up-engine && node scripts/okki-integration.js --sync >> /tmp/okki-integration.log 2>&1

Event triggers

  • New inquiry email arrives → starts the new_inquiry stage follow-up flow
  • Quotation sent → starts the quoted stage follow-up sequence
  • Sample shipment confirmed → starts the sample_sent stage follow-up
  • OKKI follow-up record created → triggers stage-transition detection

Execution logic

1. Follow-up Scheduler flow

1. Load configuration
   ↓
2. Scan the OKKI customer list
   ↓
3. Identify each customer's current stage
   ↓
4. Compute the next follow-up time
   ↓
5. Select the customers whose follow-up is due
   ↓
6. Generate follow-up email drafts
   ↓
7. Save them to the drafts/ directory
   ↓
8. Write the execution log

2. OKKI Integration flow

1. Read the drafts in the drafts/ directory
   ↓
2. Filter out already-synced drafts (keep status != synced)
   ↓
3. Match the OKKI customer (domain search + name search)
   ↓
4. Call the OKKI API to create the follow-up record
   ↓
5. Update the draft status to synced
   ↓
6. Write the sync log

Inputs and outputs

Inputs

Source                      Data type          Description
OKKI API                    Customer list      Customer email, company name, stage
follow-up-strategies.json   Config             Follow-up sequences, templates, escalation rules
task-001 email-smart-reply  Template system    Email template content

Outputs

Target      Data type              Description
drafts/     JSON files             Follow-up email drafts
OKKI API    Follow-up records      trail_type=105
logs/       Log files              Execution records, error messages
Discord     Notification messages  Reminders for drafts awaiting review

Configuration

Environment variables

# Path to the OKKI CLI
export OKKI_CLI_PATH="$WORKSPACE/xiaoman-okki/api/okki.py"

# Discord bot token (for notifications)
export DISCORD_BOT_TOKEN="your-discord-bot-token-here"

# Notification channel ID
export DISCORD_CHANNEL_ID="<your-discord-channel-id>"

Configuration files

File                               Purpose                        Required
config/follow-up-rules.json        Follow-up rule definitions
config/stage-transitions.json      Stage transition model
config/follow-up-strategies.json   Follow-up strategy templates

CLI commands

follow-up-scheduler.js

# Dry-run mode (preview)
node scripts/follow-up-scheduler.js --dry-run

# Auto mode (scheduled trigger)
node scripts/follow-up-scheduler.js --mode auto

# Manual mode (run immediately)
node scripts/follow-up-scheduler.js --mode manual

# Debug mode (verbose logging)
node scripts/follow-up-scheduler.js --debug

# Force a stage update
node scripts/follow-up-scheduler.js --force-stage-update

okki-integration.js

# Dry-run mode (preview)
node scripts/okki-integration.js --dry-run

# Sync mode (actually creates OKKI records)
node scripts/okki-integration.js --sync

# Batch sync (specific draft files)
node scripts/okki-integration.js --batch drafts/*.json

# View the sync log
node scripts/okki-integration.js --logs

Dependencies

Upstream dependencies

Skill                          Purpose                Required
email-smart-reply (task-001)   Email template system
okki-email-sync (task-002)     OKKI API wrapper

Downstream integrations

Target      Purpose                              Required
OKKI CRM    Customer data + follow-up records
Discord     Review notifications
Obsidian    Log archiving

Error handling

Common error codes

Error                 Cause                        Fix
CONFIG_NOT_FOUND      Configuration file missing   Check the config/ directory
OKKI_AUTH_FAILED      OKKI authentication failed   Check the okki.py configuration
NO_CUSTOMERS_FOUND    No customers found           Check the OKKI connection
TEMPLATE_NOT_FOUND    Template does not exist      Check email-smart-reply

Fallback strategy

  1. OKKI unavailable → use the locally cached customer list
  2. Template unavailable → use the default follow-up template
  3. Discord unavailable → write to the log + a local notification file

Testing

Unit tests

# Validate the configuration files (syntax only; JSON.parse does not check the schema)
node -e "JSON.parse(require('fs').readFileSync('config/follow-up-rules.json'))" && echo "✓ follow-up-rules.json valid"
node -e "JSON.parse(require('fs').readFileSync('config/stage-transitions.json'))" && echo "✓ stage-transitions.json valid"
node -e "JSON.parse(require('fs').readFileSync('config/follow-up-strategies.json'))" && echo "✓ follow-up-strategies.json valid"

End-to-end test

# Run the E2E test
bash test/e2e.sh

# Expected output:
# ✓ Configuration files validated
# ✓ Mock customers created
# ✓ Drafts generated (3)
# ✓ OKKI sync succeeded (dry-run)
# ✓ Log entries complete

Performance targets

Metric                  Target              Measured
Customer scan speed     > 100 customers/s   TBD
Draft generation time   < 1 s per draft     TBD
OKKI sync speed         > 10 records/s      TBD
Memory usage            < 100 MB            TBD

Security rules

  • ✅ All configuration files are JSON (no code-injection risk)
  • ✅ OKKI API calls go through the official CLI (the API key is not exposed directly)
  • ✅ Logs are redacted (customer email addresses and other sensitive data are hidden)
  • ✅ Manual review is required before sending (automatic blind sending is strictly prohibited)

Skill version: 1.0
Created: 2026-03-24
Maintainer: Wilson Evolution System
