Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Geo Push Ops

v1.0.0

Handles Feishu message construction, sending with retries, rate limit detection, delivery diagnostics, and dead-letter queue management for geo alerts.


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for liweijie0709-cmyk/geo-push-ops.

Install the skill "Geo Push Ops" (liweijie0709-cmyk/geo-push-ops) from ClawHub.
Skill page: https://clawhub.ai/liweijie0709-cmyk/geo-push-ops
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

openclaw skills install geo-push-ops

ClawHub CLI

npx clawhub@latest install geo-push-ops
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name, description, SKILL.md, and code all implement Feishu message construction, retries, rate-limit handling and diagnostics as claimed. However, the module includes a hard-coded webhook URL in send_to_feishu's default FeishuConfig instead of requiring the caller to supply one or using a declared environment variable; that credential-like value is not surfaced in the skill metadata and is disproportionate to the declared 'no required env vars'.
Instruction Scope
SKILL.md instructs the agent to build messages and call the Python API; the instructions do not ask the agent to read arbitrary files, system configs, or unrelated credentials. The runtime code performs HTTP POSTs to the provided webhook and logs diagnostics, which is within the stated scope.
Install Mechanism
This is an instruction+code skill with no install spec — nothing is downloaded or installed by the skill itself. That lowers the install risk; dependencies are standard (requests) and optional project imports are declared in the README.
Credentials
The skill declares no required env vars or primary credential, but the code contains a hard-coded webhook URL (https://open.feishu.cn/open-apis/bot/v2/hook/cb9b2f26-c8be-483b-afca-2e4a59061e76). Embedding an endpoint like this is effectively shipping a credential/recipient in code and could cause messages (including potentially sensitive event text) to be sent to an external third party if the caller does not override the default. The SKILL.md shows an example webhook placeholder, so the hard-coded value is inconsistent with the documentation and metadata.
Persistence & Privilege
The skill does not request permanent presence (always:false), does not modify other skills' configs, and has no declared system-level privileges. Autonomous invocation is allowed by default but is not combined with other privilege/infiltration signals here.
What to consider before installing
This skill appears to do what it says (compose Feishu messages and retry on errors) but it includes a hard-coded Feishu webhook URL in the code. Before installing or using it:

1) Review and replace the hard-coded webhook with your own webhook or make sure callers always pass a webhook in FeishuConfig; do not rely on the embedded default.
2) Search the full file for any other hard-coded endpoints or secrets (the provided listing was truncated).
3) If you will send real event data, confirm the webhook recipient is under your control — otherwise messages (potentially containing sensitive content) could be forwarded to an external party.
4) Prefer configuring credentials via environment variables or injected config rather than embedded constants.
5) Run the module in a test environment and inspect outbound requests (or disable network) to verify behavior before deploying to production.
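One way to follow points 1 and 4 is a configuration loader that has no built-in webhook and refuses to start without a caller-supplied one. This is an added example, not code from the skill; the environment variable name `FEISHU_WEBHOOK` and the helpers `SafeFeishuConfig`, `validate_webhook` and `load_config` are assumptions made for the sketch.

```python
import os
from dataclasses import dataclass
from urllib.parse import urlsplit

# Assumed names for this sketch: FEISHU_WEBHOOK as the environment variable,
# SafeFeishuConfig / load_config as helpers. None of them come from the skill.
ENV_VAR = "FEISHU_WEBHOOK"
ALLOWED_HOST = "open.feishu.cn"
HOOK_PREFIX = "/open-apis/bot/v2/hook/"
PLACEHOLDER_TOKENS = {"", "xxx"}  # "xxx" is the placeholder shown in SKILL.md


class WebhookConfigError(ValueError):
    """Raised when no usable, caller-supplied webhook is configured."""


@dataclass(frozen=True)
class SafeFeishuConfig:
    webhook: str            # deliberately no default: the caller must supply it
    retry_delay: int = 5
    max_retries: int = 3


def validate_webhook(url: str) -> str:
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise WebhookConfigError("webhook must use https")
    if parts.hostname != ALLOWED_HOST or parts.port not in (None, 443):
        raise WebhookConfigError("webhook host is not " + ALLOWED_HOST)
    if parts.username or parts.password:
        raise WebhookConfigError("userinfo in webhook URL is not allowed")
    if not parts.path.startswith(HOOK_PREFIX):
        raise WebhookConfigError("unexpected webhook path")
    token = parts.path[len(HOOK_PREFIX):]
    if token in PLACEHOLDER_TOKENS or "/" in token:
        raise WebhookConfigError("webhook token is missing or a placeholder")
    return url


def load_config(env=None) -> SafeFeishuConfig:
    # Fail closed: a missing variable is an error, never a fallback to a constant.
    env = os.environ if env is None else env
    raw = env.get(ENV_VAR)
    if raw is None:
        raise WebhookConfigError(ENV_VAR + " is not set; refusing to use a built-in URL")
    return SafeFeishuConfig(webhook=validate_webhook(raw.strip()))
```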

Like a lobster shell, security has layers — review code before you run it.

latest vk9776pdqmx14bq7r59cdptqv3h83qnjc
89 downloads
0 stars
1 version
Updated 1mo ago
v1.0.0
MIT-0

geo-push-ops

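Push operations skill. Responsible for building, sending, retrying, and diagnosing delivery of Feishu messages.

Features

  • Message templates: tiered message templates (high-priority alert / observation push / summary)
  • Feishu sending: Feishu webhook push with a retry mechanism
  • Rate limit handling: automatically detects rate-limit error 11232 and retries with increasing delay
  • Delivery diagnostics: records HTTP status, business code, and error message in detail
  • Dead-letter redelivery: failed messages are added to a dead-letter queue for later redelivery

Feishu configuration

FEISHU_WEBHOOK = "https://open.feishu.cn/open-apis/bot/v2/hook/xxx"
FEISHU_RETRY_DELAY = 5      # Retry delay (seconds)
FEISHU_MAX_RETRIES = 3      # Maximum number of retries

Message templates

High-priority alert (class A)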

🚨 宏观地缘高优先级 | 15:00

【事件】
伊朗总统:伊朗将继续进行正当防御

【判断】
偏利多原油、避险升温

【映射】
石油石化 / 国防军工 / 有色金属

【说明】
当前为突发阶段,若后续出现官方确认或进一步升级,影响可能继续扩大。

---
📡 数据源:财联社
🧠 AI 语义分析:已启用

Observation push (class B/C)

🦾 宏观地缘观察 | 15:00

📰 最新动态
🔥 俄外长称美谋求掌控全球能源市场
⚠️ 黎巴嫩将就以色列军事行动向安理会申诉
○ 伊朗总统:伊朗将继续进行正当防御

📊 市场异动
📈 原油:+2.5%
📈 黄金:+1.8%

---
💡 当前为观察阶段,如有重大升级将单独推送

Usage

Python API

from geo_push_ops import (
    send_to_feishu,
    build_feishu_message,
    DeliveryResult,
    FeishuConfig,
)

# Configuration
config = FeishuConfig(
    webhook="https://open.feishu.cn/open-apis/bot/v2/hook/xxx",
    retry_delay=5,
    max_retries=3,
)

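# Build the message
from geo_event_router import Event

# event1..event3 are Event objects and market is market data, both prepared by the caller
events = [event1, event2, event3]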
message = build_feishu_message(events, market)

# Send
result = send_to_feishu(message, config)

if result.delivered:
    print(f"✅ 推送成功({result.attempts}次尝试,{result.duration_ms}ms)")
else:
    print(f"❌ 推送失败:{result.error} (HTTP {result.http_status})")

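DeliveryResult structure

from dataclasses import dataclass

@dataclass
class DeliveryResult:
    target: str = "feishu"
    attempts: int = 0         # Number of attempts
    http_status: int = 0      # HTTP status code
    biz_code: int = 0         # Feishu business code
    biz_msg: str = ""         # Business message
    delivered: bool = False   # Whether delivery succeeded
    error: str = ""           # Error message
    duration_ms: int = 0      # Elapsed time (milliseconds)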

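Retry strategy

| Attempt | Delay | Description  |
| 1       | 0s    | First attempt |
| 2       | 5s    | First retry   |
| 3       | 10s   | Second retry  |

When rate-limit error code 11232 is detected, retries use an increasing delay.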

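Error handling

| Error type      | HTTP code | Business code | Handling                                   |
| Success         | 200       | 0             | Return success                             |
| Rate limit      | 200       | 11232         | Retry with increasing delay                |
| Invalid webhook | 200       | 99991504      | Log the error, do not retry                |
| Network error   | -         | -             | Log the error, add to dead-letter queue    |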
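The retry and error-handling tables above can be read as a single decision loop. The sketch below is an added example, not the skill's own `send_to_feishu`; `deliver`, `Outcome`, the injected `post` callable and the `dead_letters` list are hypothetical names. It assumes that exhausted rate-limit retries are dead-lettered and that an invalid webhook is logged without being queued, which the tables do not state either way.

```python
import time
from dataclasses import dataclass

RATE_LIMITED = 11232          # business code from the error-handling table
INVALID_WEBHOOK = 99991504    # business code from the error-handling table
DELAYS = (0, 5, 10)           # seconds before attempts 1, 2, 3 (retry table)


@dataclass
class Outcome:
    delivered: bool = False
    attempts: int = 0
    http_status: int = 0
    biz_code: int = 0
    error: str = ""
    dead_lettered: bool = False


def deliver(message, post, dead_letters, sleep=time.sleep):
    """post(message) -> (http_status, biz_code); raises ConnectionError on network failure."""
    out = Outcome()
    for delay in DELAYS:
        if delay:
            sleep(delay)
        out.attempts += 1
        try:
            out.http_status, out.biz_code = post(message)
        except ConnectionError as exc:
            out.http_status = out.biz_code = 0   # no response was received
            out.error = f"network error: {exc}"
            break                      # the table lists no retry for network errors
        if out.http_status == 200 and out.biz_code == 0:
            out.delivered, out.error = True, ""
            return out
        if out.biz_code == RATE_LIMITED:
            out.error = "rate limited"
            continue                   # try again after the next, longer delay
        out.error = ("invalid webhook" if out.biz_code == INVALID_WEBHOOK
                     else f"unexpected response {out.http_status}/{out.biz_code}")
        return out                     # assumption: logged, not retried, not queued
    out.dead_lettered = True           # network error, or retries exhausted (assumption)
    dead_letters.append(message)
    return out
```

Injecting `post` and `sleep` lets the policy be exercised with network access disabled, which matches the scan's advice to verify behaviour in a test environment first.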

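Dependencies

  • requests: HTTP request library
  • geo_event_router: event data structures (optional)
  • geo_market_impact_mapper: market data (optional)

Related files

  • Main module: geo_push_ops.py

Version

  • v1.0.0: initial version, split out from smart-geo-push.py v2.0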
