Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Multi Platform Notifier

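Send WeCom, DingTalk, and Feishu notifications through a unified interface, with support for configuration management, message templates, and send-history queries.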

MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (multi-platform notifier for WeCom/DingTalk/Feishu) align with the included scripts and templates. However the package metadata declares no required binaries or env vars while the scripts clearly call external tools (curl, jq). The README/SKILL.md also claim 'pure local execution / no external dependencies' which is misleading because network access is required to send webhooks and jq/curl are required at runtime.
Instruction Scope
SKILL.md instructions map to the script behavior (config management, sending, history). The runtime instructions and scripts only read/write files under the skill directory (config/platforms.conf, logs/send.log) and call curl to POST to user-provided webhook URLs. There are no hardcoded remote endpoints or unexpected data-collection steps in the code.
Install Mechanism
No install spec (instruction-only) is present — lowest install risk. Note: code files are included (shell scripts) so the skill will run local scripts; nothing is downloaded from external URLs during install.
Credentials
The skill declares no required credentials/env vars and stores webhooks in a local config file (platforms.conf) — that is reasonable. Concern: required runtime tools (curl and jq) are not declared in metadata. Also, because webhooks are arbitrary URLs, a misconfigured or malicious webhook can receive any message content (possible exfiltration of sensitive text).
Persistence & Privilege
always:false, no modifications to other skills or system-wide configs. The script creates/updates files only under its own directory (config/ and logs/). It sets config file permission to 600 which is good practice.
Scan Findings in Context
[no-findings] expected: Static pre-scan found no injection signals or suspicious regex matches. Given the skill ships readable shell scripts and templates, absence of findings is expected and does not imply safety.
What to consider before installing
This skill generally does what it says (send messages via webhooks to WeCom/DingTalk/Feishu). Before installing or using it:
1) Ensure the host has curl and jq installed (the scripts call both but metadata doesn't list them).
2) Inspect and control webhook URLs you add — webhooks are arbitrary endpoints and will receive whatever content you send, so don't point them at untrusted servers or include secrets in messages.
3) Review and place the skill in an isolated environment if you are unsure; check config/platforms.conf and logs/send.log for sensitive data and ensure permissions (it sets 600 but verify).
4) If you need network isolation or signed webhooks, add those protections before sending production data.
5) If desired, request the maintainer update metadata to declare required binaries and clarify the 'no external dependencies' claim.
If you want me to, I can list the exact code lines that call curl/jq and where files are read/written.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.0

SKILL.md

multi-platform-notifier - Multi-Platform Notification Integration

Version: v1.0
Created: 2026-03-16
Creator: 小米辣 (PM + Dev)
Status: Phase 1 complete


📋 Introduction

A unified multi-platform notification tool supporting three mainstream platforms: WeCom, DingTalk, and Feishu.


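🎯 Core Features

Phase 1 (completed)

  • ✅ Unified send interface
  • ✅ Configuration management (add/remove/list/test)
  • ✅ Send-history queries
  • ✅ Message template support

Phase 2 (planned)

  • ⏳ Retry on failure
  • ⏳ Concurrent send optimization
  • ⏳ More message types (cards, rich text with images)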

🚀 Usage

# Send a text message
./skill.sh send -p wecom -c "系统告警:CPU 使用率 95%"

# Send to all platforms
./skill.sh send -p all -c "重要通知"

# Use a template
./skill.sh send -p wecom -T alert --level 紧急 --message 服务器宕机

# Configuration management
./skill.sh config --add wecom "YOUR_WEBHOOK"
./skill.sh config --list
./skill.sh config --test wecom

# View history
./skill.sh history --limit 10

📊 Supported Platforms

Platform | Identifier | Message types | Status
WeCom | wecom | text/markdown |
DingTalk | dingtalk | text/markdown |
Feishu | feishu | text/post |

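📝 License and Copyright Notice

MIT License

Copyright (c) 2026 思捷娅科技 (SJYKJ)

Free to use, modify, and redistribute, provided attribution is given.

Attribution

Commercial Use Licensing

  • Small and micro businesses (<10 people): ¥999/year
  • Medium-sized businesses (10-50 people): ¥4,999/year
  • Large businesses (>50 people): ¥19,999/year
  • Enterprise custom edition: ¥99,999 one-time (source-code buyout)

For details, see: LICENSE


Last updated: 2026-03-16 08:11 Version: v1.0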

Files

10 total