goverment bidding email
PassAudited by ClawScan on May 10, 2026.
Overview
This appears to be a purpose-aligned government-procurement report email tool, but it uses SMTP credentials and an external fetcher, so users should configure and invoke it carefully.
Before installing, confirm you trust the separate govb-fetcher component, create a dedicated ~/.config/govb-email/.env with the intended SMTP account and recipients, and remember that running /govb-email sends an actual email report.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If configured with real SMTP credentials, the skill can send email from that account to configured recipients.
The skill logs in to an SMTP account and sends email. This is expected for an email-reporting tool, but it is account-level authority that users should configure intentionally.
SMTP_USER = env_config['smtp_user'] SMTP_PASSWORD = env_config['smtp_password'] ... smtp.login(SMTP_USER, SMTP_PASSWORD) smtp.send_message(msg)
Use a dedicated SMTP account or app password where possible, restrict recipients in the .env file, and run the command only when you intend to send the report.
A mistaken invocation could send a procurement report to the configured recipients, or to a test address if --to is used.
The documented default action sends an email report, and the --to option can override recipients. This matches the stated purpose, but it is an external action with business impact.
- `/govb-email` → 发送昨日报告(默认) - `/govb-email --to test@example.com` → 测试发送至指定收件人
Treat /govb-email as a send action, not a preview. Confirm the date, keywords, and recipient settings before invoking it.
Running the tool from a directory with its own .env may cause it to use unexpected email settings or fail if those settings are incomplete.
The code checks a current-directory .env before the purpose-specific ~/.config/govb-email/.env file. It only uses named EMAIL_* settings, but a working-directory .env could affect which SMTP account and recipients are used.
candidates = [
Path.cwd() / '.env',
Path.home() / '.config' / 'govb-email' / '.env',
]Run it from a controlled directory or ensure the intended ~/.config/govb-email/.env is used. Consider removing the current-directory .env fallback or making the config path explicit.
This review cannot fully assess the external fetcher’s network behavior or file-writing behavior from the supplied artifacts alone.
The skill depends on a separate govb_fetcher package/module for fetching data, saving Excel files, and choosing the output directory, but that code is not included in the provided file contents.
from govb_fetcher.fetcher import fetch_all_bidding, save_to_excel from govb_fetcher.config import get_output_dir
Install govb-fetcher only from a trusted source and review its code or provenance before using this skill with SMTP credentials.