ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Recruit Email Monitor

招聘邮件监控系统 - 自动检查邮箱、记录到表格、飞书通知、每日简报

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 73 · 0 current installs · 0 all-time installs
by@haoxianniu528-bit
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The declared purpose (email monitoring → Excel + Feishu notifications) matches the included scripts. However the shipped code contains hard-coded email accounts and passwords and fixed Feishu target IDs (not declared as required secrets or optional placeholders). It also calls the OpenClaw CLI to send Feishu messages but the skill metadata does not declare a dependency on an 'openclaw' binary or the platform Feishu plugin. Bundling other people's credentials and a hard-coded external recipient is not necessary for the stated purpose.
!
Instruction Scope
SKILL.md instructs editing the scripts to configure accounts, but the scripts already contain specific account credentials and a Feishu recipient ID. The runtime instructions recommend importing cron jobs that are enabled by default. The scripts read/write files under home (EXCEL_PATH, PROCESSED_FILE), call subprocess to invoke 'openclaw message send' (sending content externally), and do not offer or document using environment variables to store secrets—encouraging secrets in code. This grants the skill authority to read/modify email data and transmit summaries to an external Feishu account unless the user changes the defaults.
Install Mechanism
There is no automated install that downloads arbitrary code; the skill is instruction-only with bundled scripts. The only dependency is openpyxl (pip) which is reasonable for Excel I/O. SKILL.md incorrectly lists 'poplib' under pip (poplib is in the Python stdlib), but no remote downloads or extract operations are used.
!
Credentials
The skill declares no required env vars or primary credential, but the scripts embed sensitive credentials (EMAIL_ACCOUNTS with email addresses and passwords) and hard-coded Feishu target IDs. The presence of these secrets in the repo and the use of a fixed external Feishu recipient are disproportionate and unexpected for an installable skill; users would normally provide their own credentials via config or env vars. The skill also assumes specific filesystem paths (/home/erhao/..., ~/.openclaw/...), which leaks implementation assumptions and can cause data to be written to unexpected locations.
Persistence & Privilege
always: false (not force-enabled). However cron-jobs.json in the repo contains enabled=true jobs and INSTALL.md instructs importing them. If the user imports those jobs without auditing, the scripts will run periodically (hourly/daily) and send data externally. The skill does not modify other skills, but its default cron config together with hard-coded credentials and target IDs increases persistent risk if installed as-is.
What to consider before installing
Do NOT install or enable the cron jobs without reviewing and editing the scripts. Immediate actions to take before use: - Remove any hard-coded email accounts/passwords from scripts; configure your own accounts via a secure mechanism (environment variables or a protected config file), not inline constants. - Search both scripts for Feishu target IDs (e.g., 'ou_8de0...') and replace them with your own target or require a configurable value; otherwise notifications will go to the repository author's account. - Verify the 'openclaw message send' calls and ensure the OpenClaw CLI and Feishu plugin are trusted and configured correctly; consider replacing with direct API integration that uses your secrets stored securely. - Update EXCEL_PATH and PROCESSED_FILE to safe locations and inspect file permissions. - Prefer storing secrets in a secrets manager or environment variables and avoid committing credentials into code. If the included credentials are real, treat them as compromised and do not reuse them. If you are not comfortable auditing and editing the Python scripts yourself, do not install this skill.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97csq9awfwsnvhsb2aqpv4pks835rqm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📧 Clawdis
Binspython3

SKILL.md

招聘邮件监控系统

自动监控多个邮箱的招聘相关邮件,记录到 Excel 表格,支持飞书实时通知和每日简报。

功能

  • 自动检查: 每小时检查 QQ 邮箱、163 邮箱等
  • 智能分类: 自动识别笔试/测评、面试、Offer、宣讲会、投递确认等类型
  • 实时通知: 发现新邮件时立即发送飞书消息
  • 每日简报: 每天早上 9:00 汇总待处理邮件
  • 表格管理: 自动记录到 Excel,支持状态标记

快速开始

1. 配置邮箱

编辑 scripts/email-heartbeat-check.py,配置你的邮箱账号:

EMAIL_ACCOUNTS = [
    {
        'name': 'QQ 邮箱',
        'user': 'your_qq@qq.com',
        'password': 'your_auth_code',  # 使用授权码,不是登录密码
        'host': 'pop.qq.com',
        'port': 995,
    },
    {
        'name': '163 邮箱',
        'user': 'your_name@163.com',
        'password': 'your_auth_code',
        'host': 'pop.163.com',
        'port': 995,
    }
]

2. 配置飞书通知

在脚本中修改飞书目标用户 ID:

'--target', 'user:YOUR_FEISHU_USER_ID'

3. 设置定时任务

使用 OpenClaw 的 cron 系统或系统 crontab:

# 每小时检查邮箱
0 * * * * python3 /path/to/email-heartbeat-check.py

# 每天早上 9:00 发送简报
0 9 * * * python3 /path/to/email-daily-briefing.py

脚本说明

email-heartbeat-check.py

功能: 检查邮箱,发现新招聘邮件时记录到表格并发送飞书通知

运行频率: 建议每小时一次

输出:

  • 更新 Excel 表格
  • 发送飞书通知(如有新邮件)

email-daily-briefing.py

功能: 汇总待处理邮件,生成日报并发送

运行频率: 每天早上 9:00

输出:

  • 生成简报文件
  • 发送飞书消息

邮件分类规则

类型关键词
笔试/测评笔试、在线笔试、笔试通知、测评、人才测评、性格测评
面试面试、面试邀请、面试通知
Offer/录用offer、录用、签约、三方
宣讲会宣讲会、说明会、open day
投递确认投递成功、简历、申请
其他其他招聘相关邮件

表格结构

列名说明
日期邮件收到时间
邮箱邮箱账号 (QQ/163)
主题邮件主题
发件人发件人地址
状态⏳ 待处理 / ✅ 已完成
类型邮件分类
链接邮件中的重要链接
截止日期截止/面试日期

命令行示例

# 手动检查邮箱
python3 scripts/email-heartbeat-check.py

# 手动生成简报
python3 scripts/email-daily-briefing.py

# 查看表格
open /home/erhao/shared/招聘邮件汇总.xlsx

注意事项

  1. 邮箱授权码: QQ/163 邮箱需要使用授权码,不是登录密码
  2. 表格路径: 确保 Excel 文件路径正确,首次运行会自动创建
  3. 飞书权限: 确保 OpenClaw 有飞书消息发送权限
  4. 关键词匹配: 可根据需要调整 RECRUITMENT_KEYWORDS 列表

故障排查

问题: 没有检测到新邮件

  • 检查邮箱授权码是否正确
  • 查看脚本运行日志
  • 确认关键词匹配规则

问题: 飞书通知未发送

  • 检查飞书用户 ID 是否正确
  • 确认 OpenClaw 飞书插件已启用

问题: 表格写入失败

  • 检查文件路径权限
  • 确保 Excel 文件未被其他程序占用

相关文件

  • scripts/email-heartbeat-check.py - 邮箱检查脚本
  • scripts/email-daily-briefing.py - 每日简报脚本
  • /home/erhao/shared/招聘邮件汇总.xlsx - 邮件汇总表格
  • /home/erhao/shared/招聘邮件每日简报.txt - 简报输出文件

Files

7 total
Select a file
Select a file to preview.

Comments

Loading comments…