← Back to Skills Marketplace
77
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install negotiation-bot-claw
Description
多轮商务谈判虾 — 规模化供应商谈判机器人。通过邮件与供应商进行多轮博弈,争取最优采购价格和条款。 **当以下情况时使用此 Skill**: (1) 需要向多家供应商批量发送询价邮件 (2) 需要对供应商报价进行多轮议价、压价 (3) 需要根据采购量、付款周期、交货时间等条件动态调整谈判策略 (4) 需要利用竞价...
Usage Guidance
在安装/启用前请注意:
- 这项技能需要对企业邮箱的 SMTP/IMAP 凭据(用户名/密码)进行配置,但这些凭据并未在 registry 元数据中声明——慎重对待并优先使用专用测试邮箱或仅授予最小权限账户;
- 仔细审核 ~/.openclaw/workspace/config/email.conf(或由 EMAIL_CONFIG 指定的路径)中将存放的凭据格式和访问权限,避免在个人/生产邮箱中放明文密码;考虑用应用专用密码或 OAuth 令牌替代明文密码;
- 由于脚本会批量发送邮件并解析收件箱,请确认合规与反垃圾策略(避免被邮箱服务商封禁或违反合同/法规);先在隔离环境和小规模测试账户上试运行;
- 如果担心敏感数据离开邮箱,审阅并审计脚本(send_email/parse 部分),并限制脚本的网络访问和日志记录;
- 若发布者身份未知且没有主页/维护者信息,则在生产环境使用前应谨慎验证代码完整性或要求更透明的发布者来源。
Capability Analysis
Type: OpenClaw Skill
Name: negotiation-bot-claw
Version: 1.0.0
The skill provides a framework for automated email negotiations but exhibits high-risk behaviors and security vulnerabilities. The script `scripts/email-negotiator.sh` requires full IMAP/SMTP credentials to read and send emails, which is a significant privilege. Furthermore, the script is vulnerable to command injection: it uses unsanitized shell variables (extracted from supplier CSVs or email bodies) directly within `sed` expressions and interpolates them into inline Python scripts using triple quotes. These vulnerabilities could allow a malicious supplier or a crafted input file to execute arbitrary code on the agent's system.
Capability Assessment
Purpose & Capability
技能名称、描述、模板和脚本都围绕通过邮件对多家供应商进行多轮议价展开,所包含的模板、价格基线和供应商画像与目的相符. 然而 registry 元数据并未声明需要邮箱凭据或配置文件(SKILL.md 显式要求 IMAP/SMTP 配置),这与技能实际运行所需的权限不一致。
Instruction Scope
SKILL.md 的运行说明限定在通过邮件批量询价、解析回信并多轮议价,且引用同包内的模板和脚本。脚本会读取供应商 CSV、发送邮件并连接 IMAP 解析收件箱;这些动作均在技能声明的功能范围内,但会访问用户邮箱并处理邮箱正文/附件(脚本当前只提取正文文本中的价格)。
Install Mechanism
该 skill 为 instruction-only 且仅包含本地 Bash/Python 脚本,没有下载或远程安装步骤;没有将外部二进制或不受信任的 URL 写入磁盘,安装风险较低。
Credentials
脚本明确需要 SMTP/IMAP 凭据(SMTP_HOST/USER/PASS、IMAP_HOST/USER/PASS)并默认读取 ~/.openclaw/workspace/config/email.conf 或由 EMAIL_CONFIG 指定的文件,但 registry 要求中未声明任何必需凭据或主凭证。凭据以明文形式在本地配置文件中被 source,这带来凭证泄露或误用风险;解析收件箱也可能暴露敏感邮件内容。
Persistence & Privilege
没有设置 always:true,也不修改其他技能或全局代理配置;行为限制在发送邮件、读取配置和解析 IMAP 邮箱,未要求持续驻留或提升平台权限。
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install negotiation-bot-claw - After installation, invoke the skill by name or use
/negotiation-bot-claw - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
初始发布:规模化供应商邮件谈判 Skill,支持批量询价、多轮议价、报价汇总
Metadata
Frequently Asked Questions
What is 多轮商务谈判虾?
多轮商务谈判虾 — 规模化供应商谈判机器人。通过邮件与供应商进行多轮博弈,争取最优采购价格和条款。 **当以下情况时使用此 Skill**: (1) 需要向多家供应商批量发送询价邮件 (2) 需要对供应商报价进行多轮议价、压价 (3) 需要根据采购量、付款周期、交货时间等条件动态调整谈判策略 (4) 需要利用竞价... It is an AI Agent Skill for Claude Code / OpenClaw, with 77 downloads so far.
How do I install 多轮商务谈判虾?
Run "/install negotiation-bot-claw" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is 多轮商务谈判虾 free?
Yes, 多轮商务谈判虾 is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does 多轮商务谈判虾 support?
多轮商务谈判虾 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created 多轮商务谈判虾?
It is built and maintained by Ricky (@tujinsama); the current version is v1.0.0.
More Skills