Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

government bidding fetcher

v0.1.10

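Automatic fetcher for local-government procurement opportunities (non-military procurement). It fetches tender announcements from local-government procurement platforms such as Beijing Zhongjian Yunzhi (北京中建云智) and the Hunan Government Procurement Network, filters them by keyword, fills in details such as purchaser, procurement agency, budget, and timeline milestones, and generates an Excel report. It complements milb-fetcher (military procurement); this tool focuses on local-government channels.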

Security Scan
Capability signals
Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The package code (fetcher.py + config.py) implements exactly the described behavior (fetch pages from Beijing and Hunan procurement sites, filter by keywords, build Excel). Requiring cookies/Bearer for the Beijing source is coherent with the stated purpose. However, the registry metadata claims no required env vars while SKILL.md and the code expect multiple FETCHER_* environment variables (credentials, keywords, proxy settings), which is an inconsistency.
Instruction Scope
Runtime instructions and code stay within the scraping/reporting scope: they call only the described vendor domains (zbcg-bjzc.zhongcy.com and ccgp-hunan.gov.cn), read .env/config and environment variables, and produce an Excel file. One behavior to note: the code automatically writes the refreshed session token (FETCHER_BJZC_TBSESSION) back to the chosen .env file, which persists credentials to disk without additional confirmation.
Install Mechanism
No install spec is present in the registry, but the package contains a pyproject.toml and SKILL.md recommends 'pip install -e .'. Installation appears to be a normal local pip install of this Python package (dependencies: requests, openpyxl, python-dotenv). There are no external download URLs or scripts that fetch arbitrary third-party payloads in the manifest — lower-risk but the missing formal install entry in registry is an inconsistency.
Credentials
The code expects several sensitive environment variables (Bearer token and multiple cookie/session values for the Beijing site) and will persist them to a local/global .env file. The registry declares no required env vars; this mismatch means users may inadvertently provide credentials without realizing. Also, FETCHER_PROXY allows routing traffic through a user-provided proxy (legitimate for some users but could be abused if set to an attacker-controlled proxy).
Persistence & Privilege
always:false and the skill does not request system-wide privileges or modify other skills. It does persist its own configuration/credentials to either the current directory .env or ~/.config/govb-fetcher/.env (expected for this tool), which is normal but worth noting for credential hygiene.
What to consider before installing
This skill's code generally matches its description (scraping Beijing and Hunan procurement sites and creating Excel reports). Before installing:

  1. Understand it needs site credentials for the Beijing source (Bearer token and cookies) — only provide these if you trust the source.
  2. The tool will write session tokens into a .env file (local .env or ~/.config/govb-fetcher/.env); treat those files as sensitive and remove/revoke tokens after use if needed.
  3. The registry omitted declaring these env vars — that's an inconsistency; ask the publisher or inspect the code yourself before supplying secrets.
  4. Consider running the package in a sandbox/container or on a throwaway account, and inspect pyproject.toml and the code paths if you plan to install system-wide.
  5. If you must use a proxy, ensure it is trusted (attacker-controlled proxy could capture credentials and scraped data).

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🏛️ Clawdis
latest vk97azpmyxap4kzwyrd8afjyjns84e9tq
180 downloads
0 stars
7 versions
Updated 1w ago
v0.1.10
MIT-0

govb-fetcher

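Automatically fetches tender announcements from multiple local-government procurement platforms, filters them by keyword, and generates an Excel report.

Quick start

  • /govb-fetcher → fetch today's data (default)
  • /govb-fetcher --help → show help

Date selection (choose one of three; defaults to today if none is given)

  • /govb-fetcher --today → fetch today
  • /govb-fetcher --yesterday → fetch yesterday
  • /govb-fetcher --date 2026-03-30 → fetch the given date

Output control

  • --no-detail → output list fields only (faster; skips the detail API, and the Excel file keeps only columns that have values)
  • --output /path/to/file.xlsx → set the output path

Filter parameters

  • --keywords "关键词1,关键词2" → override the core keywords
  • --exclude-keywords "词1,词2" → override the exclusion keywords
  • --high-value-keywords "词1,词2" → override the high-value keywords (affects the recommendation level)

Credential update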

  • /govb-fetcher --set-cookie --source bjzc --bearer "Bearer xxx" --session "YGCG_TBSESSION=xxx; JSESSIONID=xxx; jcloud_alb_route=xxx"

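Data sources

| ID | Platform | Authentication |
|---|---|---|
| bjzc | Beijing Zhongjian Yunzhi Government Procurement Network (北京中建云智政府采购网) | Requires Cookie + Bearer |
| hnzc | Hunan Government Procurement Network (湖南政府采购网) | No authentication required |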

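Recommendation levels

  • : matches a high-value keyword (模型/仿真/数据/AI/软件, i.e. model/simulation/data/AI/software, etc.) or contains 「意向」 (intent)
  • : matches the keyword 「系统」 (system)
  • : other matches

Trigger phrases

政府采购商机 (government procurement opportunities), 地方政府采购 (local-government procurement), 地方招标 (local tenders), 北京政府采购 (Beijing government procurement), 湖南政府采购 (Hunan government procurement), 政府商机 (government business opportunities)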

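Configuration file

Configuration file search order (highest priority first):

  1. .env in the current directory
  2. ~/.config/govb-fetcher/.env

| Environment variable | Purpose |
|---|---|
| FETCHER_BJZC_BEARER_TOKEN | Bearer token for the Beijing procurement site |
| FETCHER_BJZC_TBSESSION | YGCG_TBSESSION for the Beijing procurement site (refreshed automatically) |
| FETCHER_BJZC_JSESSIONID | JSESSIONID for the Beijing procurement site |
| FETCHER_BJZC_ALB_ROUTE | Load-balancer route for the Beijing procurement site |
| FETCHER_KEYWORDS | Core keywords, comma-separated |
| FETCHER_EXCLUDE_KEYWORDS | Exclusion keywords, comma-separated |
| FETCHER_HIGH_VALUE_KEYWORDS | High-value keywords, comma-separated |
| FETCHER_OUTPUT_DIR | Excel output directory (default ~/.openclaw/workspace/govb-bidding) |
| FETCHER_USE_PROXY | Whether to enable the proxy, true / false (default false) |
| FETCHER_PROXY | Proxy address, in the form http://user:pass@host:port |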
