auto-customer-support
v1.0.0自动化客服(基于 FAQ 的轻量检索回复 + 简单转人工/工单接口;支持 Webhook 接入、邮件/企业微信/工单系统集成与可选升级到 LLM 混合模式)。
⭐ 0· 14·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (FAQ-based lightweight customer support + escalation) matches the files and code: a small Flask webhook server, sample FAQ CSV, reply template, and integration guidance. The included endpoints (/webhook, /escalate) and CSV-based matching implement the claimed functionality.
Instruction Scope
Runtime instructions tell the agent to install Flask and start the provided server. The server code runs app.run(host='0.0.0.0', debug=True) which exposes a debug-mode dev server to the network if run as-is — dangerous if deployed publicly. SKILL.md also offers to create/start the service in the workspace (fine for local testing) but could lead to accidental public exposure if the operator is not careful. The code does not read or transmit other local files or secrets beyond an optional CONFIDENCE_THRESHOLD env var.
Install Mechanism
This is an instruction-only skill with no install spec. The only dependency is Flask (install via pip). No remote downloads or extract operations are specified and code size is small.
Credentials
The skill metadata declares no required env vars, but the code reads CONFIDENCE_THRESHOLD from the environment if present. Integration guides mention external channel credentials (CorpID/Secret, SMTP creds, Zendesk tokens) but these are not required by this code — they would be needed only when you implement channel integrations. The discrepancy (undeclared optional env var) is minor but worth documenting.
Persistence & Privilege
The skill does not request permanent/always-on inclusion and does not modify other skills or system-wide settings. It only provides a local web service when run; the principal privilege/risk is network exposure from running the dev server, not any elevated platform privileges.
Assessment
This skill appears to do what it says: a tiny FAQ-based webhook server. Before running or deploying it, consider: 1) Do NOT run the bundled server in production as-is — it starts Flask with debug=True and host=0.0.0.0, which can expose an interactive debugger and allow remote code execution if internet-accessible. Change debug=False and bind to localhost or run behind a proper WSGI server (gunicorn/uwsgi) and reverse proxy. 2) The code reads an optional CONFIDENCE_THRESHOLD env var but the metadata doesn't declare it — set it explicitly if you need a non-default value. 3) The integration guide mentions external credentials (WeChat/SMTP/Zendesk); those are not used by the sample code but will be required when you implement channel integrations — keep those secrets in environment variables or a secrets manager, and do not paste them into chat. 4) Treat the provided data and templates as examples only (remove sample data before production). 5) Fix the small packaging/run instructions (typo like 'uv pip install flask') and consider adding a proper install/run README and production deployment notes. If you plan to let the agent create/start the service in your workspace, make sure the workspace network exposure and runtime settings are appropriate (no public debug server).Like a lobster shell, security has layers — review code before you run it.
latestvk97a5qw71fv0jx8qfacfvzexgn84n3hm
License
MIT-0
Free to use, modify, and redistribute. No attribution required.