← 返回 Skills 市场
military bidding fetcher
作者
zhangpengle
· GitHub ↗
· v0.2.6
· MIT-0
302
总下载
0
收藏
1
当前安装
10
版本数
在 OpenClaw 中安装
/install military-bidding-fetcher
功能描述
军工采招商机自动抓取工具。从全军武器装备采购信息网、军队采购网、国防科大采购网抓取招标信息,过滤并生成 Excel 报表。当用户说"抓取商机"、"查新"、"采集招标"时触发。
安全使用建议
This package appears to implement the described scraper, but take these precautions before installing: 1) Review the full fetcher.py (the provided file was truncated) to ensure no hidden network endpoints or data exfiltration paths exist. 2) Check and control any milb_fetcher/.env or ~/.config/milb-fetcher/.env files — do not place API keys or other secrets there unless you trust the author. 3) Avoid setting FETCHER_PROXY to an untrusted proxy (it will route scraped data through that endpoint). 4) Because the owner and homepage are unknown, consider running it in an isolated environment (container/VM) first and monitor network traffic. 5) If you plan to use it in production, request a proper install spec and a vetted source/repository (or maintain your own fork) so you can audit updates.
功能分析
Type: OpenClaw Skill
Name: military-bidding-fetcher
Version: 0.2.6
The skill bundle is a specialized scraper designed to aggregate military procurement information from three official Chinese websites (weain.mil.cn, plap.mil.cn, and nudt.edu.cn). The code in `fetcher.py` and `config.py` aligns with the functionality described in `SKILL.md`, using standard libraries like `requests` for data retrieval and `pandas`/`openpyxl` for report generation. While it uses a shell call to the `date` command in `fetcher.py` to generate timestamps, it is implemented safely without shell expansion and includes a native Python fallback. No evidence of data exfiltration, malicious execution, or prompt injection was found.
能力评估
Purpose & Capability
Name/description promise a web-scraper for three military procurement sites; included Python files (requests/pandas/openpyxl) implement exactly that. This capability reasonably explains the dependencies and behavior. Minor mismatch: registry metadata lists no required env vars, but SKILL.md and the code describe many optional FETCHER_* environment variables and a .env config file—so the manifest underreports configuration needs.
Instruction Scope
SKILL.md and code instruct the agent to read configuration from ~/.config/milb-fetcher/.env and ./ .env and to write output to a workspace path. The code uses optional proxy configuration (FETCHER_USE_PROXY, FETCHER_PROXY) and may access networked endpoints (the three stated sites). These behaviors are consistent with scraping, but the skill will read user config files in the home directory which might contain unrelated secrets, and the registry did not declare those config paths. The SKILL.md contains an install hint (pip install -e {baseDir}) even though the registry lists no install spec.
Install Mechanism
No remote download or opaque installer is used; the package is a local Python package (pyproject.toml present) and SKILL.md suggests pip install -e {baseDir}. No high-risk download URLs or extract steps seen. Slight inconsistency: the registry reported 'No install spec — instruction-only' while code and SKILL.md indicate a local pip install is intended.
Credentials
The registry requires no credentials, which aligns with scraper functionality. However the SKILL.md and code expect optional FETCHER_* settings (keywords, exclude lists, high-value keywords, regions, FETCHER_USE_PROXY, FETCHER_PROXY, FETCHER_OUTPUT_DIR) stored in milb_fetcher/.env or ~/.config/milb-fetcher/.env. Reading a ~/.config/.../.env file gives the skill access to any environment-like secrets a user might store there; the ability to proxy requests via FETCHER_PROXY could be abused if a user sets it to an attacker-controlled endpoint. These env/config usages are plausible for the stated purpose but were not declared in registry metadata, which is a proportionality/visibility problem.
Persistence & Privilege
The skill is not always: true and does not request system-wide changes. It writes output to a workspace path and reads its own config files; there is no evidence it modifies other skills or system settings. Autonomous invocation is allowed (default) but not, by itself, an unexplained privilege.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install military-bidding-fetcher - 安装完成后,直接呼叫该 Skill 的名称或使用
/military-bidding-fetcher触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.2.6
- Internal improvements in milb_fetcher/fetcher.py.
- No user-facing changes in functionality or options.
v0.2.5
- Changed default output Excel file name to “军队采购商机汇总_{date}.xlsx”.
- Updated documentation in SKILL.md to reflect the new output file name.
v0.2.4
- Updated milb_fetcher/config.py.
- No user-facing feature or interface changes.
v0.2.3
- Improved environment variable fetching logic in config.py for more reliable configuration loading.
- Added exception handling for missing or invalid configuration entries.
- Internal code refactoring in fetcher.py for better maintainability and error reporting.
v0.2.2
- Improved internal code structure in config.py and fetcher.py.
- No user-facing feature changes.
- Documentation remains unchanged.
v0.2.1
- No file changes detected in this version.
- Documentation and usage instructions remain the same as in the previous release.
- No new features, bug fixes, or updates introduced.
v0.2.0
- Major internal refactor: migrated codebase to milb_fetcher module with config file support.
- Added dedicated configuration file (.env) for customizable keywords, exclusion words, and regions.
- Expanded and clarified command-line parameters for flexible date, output, and filtering control.
- Improved documentation with clear usage instructions and updated trigger phrases.
- Output path and file naming now standardized; regions can be restricted for specific data sources.
v0.1.4
military-bidding-fetcher v0.1.4
- 新增 _meta.json 文件,补充元数据说明。
- fetcher.py 文件有更新,优化实现或修正细节。
- 其余文档、核心功能及参数接口保持不变。
v0.1.3
military-bidding-fetcher 0.1.3
- Updated fetcher.py with new changes.
- No updates to documentation or interface.
- No major user-facing changes.
v0.1.1
- Added comprehensive platform integration for WEAIN, PLAP, and NUDT military bidding sources.
- Implemented an intelligent recommendation engine to rate project relevance by keywords.
- Enhanced data cleaning: filters out non-bid announcements, noise, and low-relevance categories.
- Automated Excel report generation summarizing military bidding opportunities with key details.
- New fetch_all_bidding interface supports keyword, exclusion, and date-based custom fetching.
元数据
常见问题
military bidding fetcher 是什么?
军工采招商机自动抓取工具。从全军武器装备采购信息网、军队采购网、国防科大采购网抓取招标信息,过滤并生成 Excel 报表。当用户说"抓取商机"、"查新"、"采集招标"时触发。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 302 次。
如何安装 military bidding fetcher?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install military-bidding-fetcher」即可一键安装,无需额外配置。
military bidding fetcher 是免费的吗?
是的,military bidding fetcher 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
military bidding fetcher 支持哪些平台?
military bidding fetcher 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 military bidding fetcher?
由 zhangpengle(@zhangpengle)开发并维护,当前版本 v0.2.6。
推荐 Skills