← 返回 Skills 市场
Bid Watcher
作者
Richardcoder849
· GitHub ↗
· v1.1.0
· MIT-0
70
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install bid-watcher
功能描述
投标情报监控系统。监控锂电池/储能/装配段行业招标信息,追踪4家竞争对手(无锡先导、海目星、赢合科技、联赢激光)的投标动态。每周自动采集、生成表格报告并发送邮件。
使用说明 (SKILL.md)
投标情报监控 Skill
目标公司
| 编号 | 公司名称 | 关键词 |
|---|---|---|
| 1 | 无锡先导智能装备股份有限公司 | 先导智能 |
| 2 | 海目星激光科技集团股份有限公司 | 海目星 |
| 3 | 深圳市赢合科技股份有限公司 | 赢合科技 |
| 4 | 深圳市联赢激光股份有限公司 | 联赢激光 |
监控关键词
锂电池储能装配段锂电设备电池生产设备
信息来源
- 搜索引擎: Bing 搜索(按关键词 + "招标" 搜索)
- 待扩展: 政府采购平台、招标雷达、剑鱼标讯 API
采集字段
每个招标机会记录以下字段:
投标时间: 招标截止时间/开标时间预算: 项目预算金额公司名称: 招标方/采购方公司背景: 采购方主营业务、规模是否有采购历史: 之前是否采购过同类设备历史供应商: 之前在哪家供应商采购的原文链接: 招标公告链接发现时间: 抓取时间竞争公司: 关联哪家竞争公司优先级: S/A/B/C 四级评分相关性: 高/低
工作流程(TaskFlow)
[每周定时触发]
↓
[Step 1] search_bids.py 搜索招标信息(行业平台)
↓
[Step 2] enrich_bids.py 提取公司/预算 + 优先级评分
↓
[Step 3] generate_report.py 生成周报(Markdown + Excel)
↓
[Step 4] 历史存档 data/history/
文件结构
bid-watcher/
├── SKILL.md
├── flows/
│ └── bid-monitor.lobster # TaskFlow 定义
├── scripts/
│ ├── search_bids.py # 搜索招标信息
│ ├── enrich_bids.py # 提取公司/预算 + 优先级评分
│ ├── generate_report.py # 生成周报(Markdown/Excel)
│ └── send_email.py # 发送邮件
└── data/
├── bids_raw_YYYYMMDD.json # 原始搜索结果
├── bids_parsed_enriched_YYYYMMDD.json # 补充背景后数据
├── bid_report_W*.md # 周报 Markdown
├── bid_report_W*.xlsx # 周报 Excel
└── history/
└── week_YYYYWW.json # 每周完整数据存档
优先级评分规则
| 维度 | 加分 | 说明 |
|---|---|---|
| 有预算金额 | +1 | |
| 大预算(≥1000万) | +1 | |
| 公司在已知背景库中 | +1 | |
| 有明确投标时间 | +1 | |
| 标题含"储能"/"锂电"/"动力电池" | +1 | |
| 竞争公司自身招标 | -2 | 排除 |
最终评分:S(≥4分) / A(3分) / B(2分) / C(≤1分)
使用方式
# 搜索招标信息
python scripts/search_bids.py
# 提取公司/预算 + 优先级评分
python scripts/enrich_bids.py
# 生成报告(Excel格式,默认)
python scripts/generate_report.py --format excel
# 生成报告(Markdown + Excel)
python scripts/generate_report.py --format both
参数
| 参数 | 说明 | 默认值 |
|---|---|---|
| --format | 输出格式 | excel |
自动触发
- 手动触发: "运行投标监控" 或直接执行
python scripts/*.py - 自动: 每周一 09:00 自动执行,通过 cron 调度
邮件配置
需要配置以下环境变量:
BID_SMTP_HOST: 邮件服务器(如 smtp.gmail.com)BID_SMTP_PORT: 端口(如 587)BID_SMTP_USER: 用户名BID_SMTP_PASS: 密码BID_REPORT_TO: 收件人邮箱(多个用逗号分隔)
配置示例:
export BID_SMTP_HOST=smtp.gmail.com
export BID_SMTP_PORT=587
export [email protected]
export BID_SMTP_PASS=your-app-password
export [email protected]
状态输出
采集完成后输出:
- 本周新发现机会数量
- 各竞争公司相关机会数
- 优先级分布(S/A/B/C 各多少条)
- 高相关招标数量
- 报告文件路径
- 邮件发送状态
安全使用建议
What to check before installing:
- Metadata mismatch: the registry claims no required binaries or env vars, but the SKILL.md and scripts require a Python runtime and SMTP credentials. Expect to run these as local Python scripts; confirm you have Python and any optional libraries (openpyxl) installed.
- SMTP credentials: the skill needs BID_SMTP_USER and BID_SMTP_PASS to send emails. Use a dedicated send-only account or an app-specific password; do not reuse high-privilege personal credentials. Confirm the REPORT_TO list and recipients before enabling automated sends.
- Disabled SSL verification: parse_bids.py and search_bids.py intentionally disable SSL verification when fetching URLs. This increases the risk of fetching manipulated content if an attacker can intercept your network traffic. If possible, run in an environment with trustworthy network routing or modify the code to enforce SSL verification.
- External scraping: the skill fetches many third-party URLs (industry sites and government portals). Ensure you are allowed to scrape those sources; consider politeness (rate limits) and legal/contract constraints. Also review CSV_LINKS to ensure no unexpected endpoints are present.
- Secrets handling: the code reads SMTP creds directly from environment variables and does not exfiltrate them elsewhere in the bundle, but still review logs and deployment to avoid accidental leakage (e.g., check cron, CI logs, or backups where environment variables could be captured).
- Operational safety: test in a sandbox first. Run scripts locally with a dry-run (send_email supports a '--dry-run' path) and inspect generated data files under data/ before enabling automated cron.
If you want to proceed: update the skill metadata to list Python and the SMTP env vars, create a dedicated SMTP account, lock down network egress if needed, and consider enabling SSL verification in the fetch routines.
功能分析
Type: OpenClaw Skill
Name: bid-watcher
Version: 1.1.0
The skill bundle is designed to scrape and report on industry bidding information, but it contains significant security vulnerabilities. Specifically, `search_bids.py` and `parse_bids.py` intentionally disable SSL certificate verification (using `ssl.CERT_NONE`), which exposes the agent to Man-in-the-Middle (MITM) attacks during data collection. While the behavior aligns with the stated purpose and no evidence of intentional data exfiltration or malicious prompt injection was found, the systematic bypass of transport security is a high-risk practice.
能力评估
Purpose & Capability
The name/description (monitor bids, produce weekly reports, email them) align with the included scripts: search_bids.py, parse_bids.py, enrich_*.py, generate_report.py and send_email.py. The code implements scraping, enrichment, reporting and emailing as claimed.
Instruction Scope
SKILL.md instructs running the bundled Python scripts and configuring SMTP env vars — consistent with the code. The scripts scrape many external industry sites and a hard-coded CSV_LINKS list of URLs (expected for this purpose). Note: parse/search code disables SSL verification (verify_mode = CERT_NONE), which weakens transport security when fetching pages and may increase risk of man-in-the-middle content injection; this is an implementation choice that is unrelated to the stated high-level purpose and should be justified.
Install Mechanism
The skill has no install spec but includes multiple Python scripts that require a Python runtime. generate_report.py optionally depends on openpyxl (it prints a warning if missing). Registry metadata declared no required binaries or dependencies, which is inconsistent — the skill practically requires Python and may require openpyxl to produce Excel output. Lack of declared runtime/dependency instructions is an installation/integration mismatch.
Credentials
SKILL.md lists SMTP credentials (BID_SMTP_HOST, BID_SMTP_PORT, BID_SMTP_USER, BID_SMTP_PASS, BID_REPORT_TO) as required, and send_email.py reads exactly those env vars. Requesting an SMTP username/password is proportionate for emailing reports. However, the registry metadata declared no required env vars — that mismatch is concerning because sensitive SMTP credentials are expected but not surfaced by the publisher metadata. Verify you are comfortable supplying an email account password and prefer using a dedicated/send-only account or app-specific password.
Persistence & Privilege
The skill is not flagged always:true and does not modify other skills or agent settings. It runs on-demand or via cron as described; autonomous agent invocation remains default but is not combined with additional elevated privileges here.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install bid-watcher - 安装完成后,直接呼叫该 Skill 的名称或使用
/bid-watcher触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
修复文档使用说明,移除废弃脚本,统一工作流为enrich_bids.py
v1.0.0
投标情报监控系统
元数据
常见问题
Bid Watcher 是什么?
投标情报监控系统。监控锂电池/储能/装配段行业招标信息,追踪4家竞争对手(无锡先导、海目星、赢合科技、联赢激光)的投标动态。每周自动采集、生成表格报告并发送邮件。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 70 次。
如何安装 Bid Watcher?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install bid-watcher」即可一键安装,无需额外配置。
Bid Watcher 是免费的吗?
是的,Bid Watcher 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Bid Watcher 支持哪些平台?
Bid Watcher 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Bid Watcher?
由 Richardcoder849(@richardcoder849)开发并维护,当前版本 v1.1.0。
推荐 Skills