Total downloads: 287
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install pharmaceutical-bidding
Description
Automatically collects, verifies, and evaluates pharmaceutical system bidding info from provincial sites daily, updating WeChat Work tables with actionable o...
Security usage recommendations
This skill mostly does what it says: scrapes procurement sites, evaluates bids, and posts to WeChat Work. Before installing or running it:
1) Do not commit real secrets (apiToken, corpSecret, token, encodingAESKey) into config.json in source control — store them in an environment or secure vault instead.
2) Remove or edit validate-wecom-config.js if you do not want the skill to read workspace/global configs (it looks for openclaw.json outside the skill folder and will read it); that behaviour is unnecessary for core functionality and could expose unrelated credentials.
3) Run npm install and review the installed packages locally (puppeteer is large and will download browsers).
4) Run the skill in an isolated environment (container or VM) and restrict its network access if you need to limit external calls.
5) Consider rotating/invalidating any secrets used for testing after validation.
If you want, I can point to the exact lines that read openclaw.json and suggest a safe patch to limit file access.
Functional analysis
Type: OpenClaw Skill
Name: pharmaceutical-bidding
Version: 1.0.0
The skill bundle is a legitimate automation tool designed to scrape pharmaceutical bidding information from Chinese government procurement websites and report findings to WeChat Work. The code in `main.js` and `wechat-api.js` implements standard web scraping and API integration logic using well-known libraries like `axios`, `cheerio`, and `node-cron`. No evidence of data exfiltration, unauthorized command execution, or malicious prompt injection was found; the workflow strictly follows the business logic described in `SKILL.md` and `README.md`.
Capability assessment
Purpose & Capability
Name/description match the code and SKILL.md: code performs web scraping/collection, filtering, evaluation, and posts to WeChat Work. Included dependencies (axios, cheerio, puppeteer) are plausible for scraping and the WeChat API integration is present.
Instruction Scope
SKILL.md instructs scraping provincial procurement sites, doing secondary search, and writing to WeChat Work — the code implements these workflows (search, filter, evaluate, post). Some key functions referenced in main.js (searchWebsite, searchEngineEnhance) are placeholders/not present in the provided file, indicating incomplete implementation rather than covert behaviour. The instructions allow arbitrary web searches and scraping, which will cause outbound network calls as expected.
Install Mechanism
No install spec is provided (instruction-only install), so nothing is pulled during install by the platform. However the package.json and package-lock are present and declare significant npm dependencies (including puppeteer). If you run npm install locally, that will fetch many packages from public registries — expected for scraping but higher footprint than a minimal script.
Credentials
The skill does not declare required env vars but expects secrets in config.json (wechatWork.apiToken, corpId/corpSecret, token, encodingAESKey). More importantly, validate-wecom-config.js searches for an openclaw.json at paths outside the skill directory (../../openclaw.json and ../../../openclaw.json) and will read it if present. That means the skill includes code that attempts to access workspace/global configuration which may contain other channel tokens or sensitive platform credentials — this access is not justified by the stated purpose and is disproportionate.
Persistence & Privilege
always is false and autonomous invocation is allowed (default). The skill schedules a daily job via node-cron when started and the provided crontab.txt demonstrates adding a cron entry if a user writes it. The code does not modify other skills' configs, but the validate-wecom-config.js file tries to read config files outside the skill folder — this cross-scope file access increases potential blast radius and should be restricted.
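How to use
- Make sure OpenClaw is installed (locally or via Docker)
- Enter the install command in the chat box: /install pharmaceutical-bidding
- After installation, call the Skill by name or use /pharmaceutical-bidding to trigger it
- Provide the required inputs according to the Skill's parameter description to get structured output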
Version history
v1.0.0
Initial release automates pharmaceutical system bidding information collection and analysis:
- Collects "药学系统" bidding info from provincial procurement websites.
- Verifies product type and document deadlines; filters items not meeting criteria.
- Gathers additional project details when source info is insufficient.
- Records structured bid data in WeChat Work smart tables, including deadlines, budget, and responsible sales staff.
- Analyzes projects and provides bidding recommendations based on document availability and evaluation criteria.
- Automatically classifies projects as eligible based on timing, budget, or hospital type.
- Runs daily at 8:30 AM with full WeChat Work API integration.
FAQ
What is Pharmaceutical Bidding?
Automatically collects, verifies, and evaluates pharmaceutical system bidding info from provincial sites daily, updating WeChat Work tables with actionable o... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 287 downloads to date.
How do I install Pharmaceutical Bidding?
Run the command "/install pharmaceutical-bidding" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.
Is Pharmaceutical Bidding free?
Yes, Pharmaceutical Bidding is completely free (free and open source) and can be freely downloaded, installed, and used.
Which platforms does Pharmaceutical Bidding support?
Pharmaceutical Bidding is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Pharmaceutical Bidding?
It is developed and maintained by ElliotLaw (@elliotlaw); the current version is v1.0.0.