← 返回 Skills 市场

ITSM 工单自动提交

Name: ITSM 工单自动提交
Author: tutututu2020

作者 Tutututu2020 · GitHub ↗ · v2.1.0 · MIT-0

cross-platform ⚠ suspicious

221

总下载

当前安装

版本数

在 OpenClaw 中安装

/install itsm-skill

功能描述

自动通过系统自带 chromium 浏览器和 Selenium 提交 ITSM 工单，支持头程、尾程询价、批次查询和问题反馈。

使用说明 (SKILL.md)

ITSM 工单自动提交技能 v2.1.0

版本: 2.1 (轻量级架构) 作者: OpenClaw Community 许可: MIT

技能说明

自动提交 ITSM 工单到企业 IT 服务管理系统。支持以下工单类型：

头程询价
尾程询价
批次查询
问题反馈

🎯 轻量级架构

技术栈：

系统自带 chromium-browser（零依赖下载）
Python + Selenium（通过 CDP 连接）

优势：

✅ 零依赖 - 不需要安装 Playwright（150MB）
✅ 中文正常 - 使用系统字体
✅ 快速启动 - 无需下载浏览器
✅ 稳定可靠 - 成熟的 CDP 方案

使用方法

在 OpenClaw 中说

"提交 ITSM 工单"
"帮我提交头程询价工单，SKU 是 ABC-123"
"创建 ITSM 工单"

参数

可通过以下方式提供：

环境变量: ITSM_USERNAME, ITSM_PASSWORD, ITSM_SKU, ITSM_REMARK, ITSM_WAREHOUSE
对话提供: 直接在 OpenClaw 中说明
默认值: 用户名 500525，密码 Xy@123456，SKU 11

首次使用

第一次运行时，脚本会自动：

✅ 检查并安装 chromium-browser（如果需要）
✅ 安装 Python 依赖（selenium、requests）
✅ 启动浏览器并提交工单

技术架构

itsm-ticket/
├── start.sh              # ⭐ 主入口（启动浏览器+提交工单）
├── submit-itsm.py        # Python 提交脚本（Selenium + CDP）
├── close.sh              # 关闭浏览器脚本
├── SKILL.md              # 本文档
├── screenshots/          # 截图保存目录
└── package.json          # npm 配置（保留）

运行方式

方式 1：一键启动（推荐）

cd ~/.openclaw/skills/itsm-ticket
bash start.sh

方式 2：分步执行

# 1. 启动浏览器
bash start.sh

# 2. 只提交工单（浏览器已运行）
python3 submit-itsm.py

# 3. 关闭浏览器
bash close.sh

依赖说明

系统依赖：

chromium-browser（自动安装）
Python 3（WSL 自带）

Python 依赖：

selenium
requests

首次运行自动安装：

pip install selenium requests --break-system-packages

特性

✅ 完全自动化 - 一键启动并提交
✅ 零大文件下载 - 使用系统浏览器
✅ 中文正常显示 - 系统字体支持
✅ 操作日志 - 每步截图保存
✅ 浏览器保持运行 - 可多次提交工单

关闭浏览器

pkill -f 'chromium.*--remote-debugging-port=9222'

或运行：

bash close.sh

版本历史

2.1 - 轻量级架构（chromium-browser + CDP）
2.0 - 重构为独立技能包
1.0 - 初始版本

故障排除

chromium-browser 未安装

脚本会自动安装，或手动运行：

sudo apt-get update
sudo apt-get install -y chromium-browser

Python 依赖缺失

pip install selenium requests --break-system-packages

中文乱码

不会出现！使用系统 chromium-browser，自带中文支持。

浏览器无法启动

检查 WSLg：

export DISPLAY=:0

安全使用建议

This skill appears to implement the advertised automation but performs system-level operations and contains some inconsistencies you should review before installing. Recommendations: - Inspect submit-itsm.py fully to confirm whether it reads environment variables or uploads arbitrary files. Search for os.environ usage and any code that posts data to endpoints other than the ITSM host. - Do not run start.sh as root indiscriminately. The script may call sudo apt-get and pip; prefer running in a disposable VM or container to limit system impact. - Remove or replace hard-coded default credentials (500525 / Xy@123456) and supply credentials explicitly via the conversation or safe env injection. Confirm the code does not leak credentials to third parties. - Be aware that starting Chromium with --remote-debugging-port exposes a local CDP endpoint; ensure the port is not accessible remotely on your network and close the browser after use. - If you need to allow attachments, verify the attachment path handling and ensure no sensitive files are uploaded by default. If you want, I can: (1) scan submit-itsm.py for env access and network calls more thoroughly, (2) point out exact lines that set defaults or contact external URLs, or (3) suggest a safer wrapper that avoids automatic installs and requires explicit user consent for installs and network downloads.

功能分析

Type: OpenClaw Skill Name: itsm-skill Version: 2.1.0 The skill bundle contains hardcoded credentials ('500525' / 'Xy@123456') and a hardcoded Windows file path in 'submit-itsm.py', suggesting it is a poorly sanitized or environment-specific tool. The 'start.sh' script performs high-risk system operations, including 'sudo apt-get' installations and downloading/executing a remote script ('get-pip.py') from 'bootstrap.pypa.io'. While these actions are technically aligned with the stated purpose of automating ticket submission on 'itsm.westmonth.com', the use of hardcoded secrets and aggressive system-level changes without isolation constitutes a significant security risk.

能力评估

ℹ Purpose & Capability

The name/description (automatically submit ITSM tickets via Chromium + Selenium) aligns with the shipped scripts (start.sh, submit-itsm.py, close.sh). However SKILL.md advertises environment variables (ITSM_USERNAME, ITSM_PASSWORD, etc.) and default credentials, while the registry metadata lists no required env vars. The code uses Chromium + Selenium as claimed, so capability matches purpose, but the undocumented/default credentials and env-var mismatch are inconsistent.

⚠ Instruction Scope

Runtime instructions and scripts perform system-level operations: installing Python packages (pip install), optionally downloading get-pip.py from the network, apt-get installing chromium-browser with sudo, launching Chromium with a remote-debugging port, and reading/using local file paths for attachments (including converting Windows paths to WSL paths). These actions go beyond a pure API wrapper and may access local files and expose a CDP port that other local processes could reach. The SKILL.md also suggests providing secrets via environment variables, but the manifest does not declare them.

ℹ Install Mechanism

There is no formal install spec in the registry (instruction-only). The scripts self-install dependencies at runtime: pip installs (selenium, requests), may fetch get-pip.py from https://bootstrap.pypa.io, and may apt-get install chromium-browser. The external URLs used are standard (PyPA, apt repos) rather than unknown shorteners or personal servers. Still, runtime downloads and automatic package installation are moderate-risk behaviors and may alter the host environment.

⚠ Credentials

SKILL.md lists environment variables for credentials and data, but the registry declares none — a mismatch that should be surfaced to users. The code embeds default username/password values (500525 / Xy@123456) which could lead to accidental use of insecure defaults. The skill can access arbitrary local files (attachmentPath) and will attempt to convert Windows paths to WSL paths, implying access to user files outside the skill directory.

✓ Persistence & Privilege

The skill is not flagged as always:true and does not request system-wide configuration changes in the manifest. It does start Chromium with remote-debugging enabled while running; this is transient to its operation and not recorded as persistent system modification by the manifest. No evidence the skill modifies other skills' configurations.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install itsm-skill
安装完成后，直接呼叫该 Skill 的名称或使用 /itsm-skill 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v2.1.0

轻量级架构 - 使用系统 Chromium 浏览器，零依赖，中文正常显示

元数据

Slug itsm-skill

版本 2.1.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题