Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

military bidding email

v0.2.8

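A dedicated push-reporting tool for military procurement (军采) business opportunities. It aggregates data from the three major military procurement platforms, generates an Excel file, and sends an email report via SMTP. It is unrelated to government procurement (政采) tools and handles military procurement channels only. Triggered when the user says "milb-email", "军工商机邮件" (military-industry opportunity email), "推送军工商机" (push military-industry opportunities), or "军工商机通报" (military-industry opportunity bulletin). Note: this is not a general-purpose email client; it only executes the milb business logic.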

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for zhangpengle/military-bidding-email.

Install the skill "military bidding email" (zhangpengle/military-bidding-email) from ClawHub.
Skill page: https://clawhub.ai/zhangpengle/military-bidding-email
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: milb-email, milb-fetcher
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

openclaw skills install military-bidding-email

ClawHub CLI

npx clawhub@latest install military-bidding-email

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

! Purpose & Capability
The code implements the claimed functionality (fetch data, build Excel, send via SMTP). However the registry metadata lists no required environment variables while SKILL.md and the code require multiple EMAIL_* settings (SMTP host/port/user/password, from/to, templates). The skill also depends on an external package/binary 'milb_fetcher' (imported as milb_fetcher.fetcher) which is not provided in the bundle; requiring that external binary is reasonable for fetching, but the omission from top-level environment/requirements declarations is an inconsistency.
! Instruction Scope
Runtime instructions and code read configuration from .env files and use paths outside the package: code searches for .env in current working directory or ~/.config/milb-email/.env, SKILL.md instructs creating milb_email/.env, and CLAUDE.md refers to an attachment path under ~/.openclaw/workspace/military-bidding/. These mismatched config paths and the use of a workspace path outside the package are inconsistent and expand the skill's scope beyond the advertised 'package-local' configuration.
Install Mechanism
No official install spec is present in registry metadata, but SKILL.md contains a metadata line recommending 'pip install -e {baseDir}' and a pyproject.toml is included so editable pip install is possible. This is a reasonable install method (local package), but the registry's lack of an explicit install instruction is an omission to be aware of.
! Credentials
The tool legitimately needs SMTP credentials and email addresses to send reports; these are present in SKILL.md and get_email_config(). However the top-level skill requirements list zero environment variables, which is misleading. The skill will require EMAIL_SMTP_PASSWORD (sensitive) and other EMAIL_* secrets — users must recognize they are giving an SMTP credential capable of sending email. The code also reads config from home directories and may access attachment files in ~/.openclaw/workspace, which grants the skill access to files outside its own directory.
Persistence & Privilege
The skill is not marked always:true and does not request system-wide persistent privileges. It uses a /tmp lock file to prevent concurrent runs and reads/writes user-space files (workspace path), but it does not modify other skills or agent configuration.
Scan Findings in Context
[no_pre_scan_findings] expected: The static regex pre-scan reported no findings. That is not surprising (no obvious obfuscated or network-exfil strings), but absence of matches does not mitigate the configuration and metadata mismatches found in the code and SKILL.md.
What to consider before installing
Key points to consider before installing or running this skill:

  • The skill requires SMTP credentials (EMAIL_SMTP_USER and EMAIL_SMTP_PASSWORD) and email addresses to operate. These are sensitive: anyone with these credentials can send email via that SMTP server. Only supply them if you trust the code and the environment.
  • Metadata inconsistencies: registry metadata lists no required env vars, yet the SKILL.md and code require several EMAIL_* values. Confirm the actual required environment variables and where the .env must live before use.
  • Configuration path mismatch: SKILL.md suggests milb_email/.env, but the code looks in the current working directory or ~/.config/milb-email/.env. CLAUDE.md mentions an attachment path under ~/.openclaw/workspace. Clarify which paths will be read/written to avoid accidental exposure of other files.
  • External dependency: the fetch logic depends on a separate package/binary 'milb_fetcher' (not included). Verify the provenance and content of milb_fetcher before installing; it is responsible for retrieving data from the three military procurement sites and could perform additional network operations.
  • Review attachments: the code will attach an Excel file from ~/.openclaw/workspace/military-bidding/… ensure that directory only contains files you expect to be sent.
  • To raise confidence: request or inspect the milb_fetcher source, update registry metadata to declare required env vars explicitly, and fix SKILL.md/docs so the expected .env path and install instructions match the code. If you cannot verify those, treat the skill as potentially risky to run with real SMTP credentials or in environments containing sensitive files.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

📧 Clawdis
Bins: milb-email, milb-fetcher
latest: vk978xyem2wtdsx46mmpnf9p41s848697
241 downloads
0 stars
13 versions
Updated 3w ago
v0.2.8
MIT-0

Milb Email

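Automatically fetches business opportunities and sends an email report.

Environment variable requirements

The skill is activated only when the following core parameters are configured in .env:

  • EMAIL_TO, EMAIL_CC, EMAIL_FROM: recipient and sender addresses
  • EMAIL_SMTP_HOST, EMAIL_SMTP_PORT: SMTP server information
  • EMAIL_SMTP_USER, EMAIL_SMTP_PASSWORD: authentication credentials
  • EMAIL_SUBJECT_PREFIX, EMAIL_BODY_INTRO: email template settings
  • EMAIL_RECIPIENT_NAME, EMAIL_SENDER_NAME: salutation and signature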

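Quick usage

  • /milb-email → send yesterday's report (default; this works around 军队采购网, the Military Procurement Network, updating during the day)
  • /milb-email --help → show help information
  • /milb-email --today → send today's report (fetches the latest data from every channel)
  • /milb-email --date 2026-03-23 → send the report for the specified date
  • /milb-email --keywords "模型,仿真" → filter using custom keywords
  • /milb-email --to test@example.com → test send to the specified recipient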

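Parameters

| Parameter | Description | Default |
|---|---|---|
| (no arguments) | Yesterday (default) | Enabled |
| --today | Today (fetches the latest data from every channel) | - |
| --date YYYY-MM-DD | Specified date | - |
| --keywords WORDS | Keywords, comma-separated | Default keywords from the configuration |
| --to ADDRESS | Test send to the specified recipient | Value configured in .env |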

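Data sources

  • 全军武器装备采购信息网 (All-Army Weapons and Equipment Procurement Information Network)
  • 军队采购网 (Military Procurement Network)
  • 国防科大采购信息网 (National University of Defense Technology Procurement Information Network)

Trigger phrases

发送邮件 (send email), 推送报告 (push report), 邮件通知 (email notification), 商机通报 (business opportunity bulletin)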

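Configuration file

The configuration file is located at milb_email/.env (a standalone configuration). The following parameters can be set:

| Environment variable | Purpose |
|---|---|
| EMAIL_TO | Recipients, comma-separated |
| EMAIL_CC | CC recipients, comma-separated |
| EMAIL_FROM | Sender |
| EMAIL_RECIPIENT_NAME | Recipient salutation |
| EMAIL_SENDER_NAME | Sender signature |
| EMAIL_SUBJECT_PREFIX | Email subject prefix |
| EMAIL_BODY_INTRO | Opening of the email body |
| EMAIL_SMTP_HOST | SMTP server |
| EMAIL_SMTP_PORT | SMTP port |
| EMAIL_SMTP_USER | SMTP username |
| EMAIL_SMTP_PASSWORD | SMTP password |

To create the configuration file, copy milb_email/.env.example to milb_email/.env and then edit it.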

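Technical notes

  • Data sources: 全军武器装备采购信息网, 军队采购网 and 国防科大采购信息网 (all military procurement channels, not government procurement)
  • Sends email directly over SMTP (configure the EMAIL_SMTP_* environment variables)
  • Uses a file lock to prevent concurrent execution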
