← 返回 Skills 市场
234
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install szzg007-product-promotion
功能描述
自动提取商品图片,生成高质量HTML推广邮件模版,支持素材库管理及邮件发送的一体化工具。
安全使用建议
Do not install or run this skill without changes. The package contains a plaintext SMTP username and password (in send-email.py) and disables SSL certificate verification — that means emails would be sent through the author's account if you use the bundled send routine. If you still want the functionality: 1) Replace the hard-coded SMTP credentials with your own credentials stored in a secure env file and ensure the code prefers env vars (or remove the bundled credentials entirely). 2) Fix absolute paths so assets are written to a configurable, relative, or user-specific directory (do not assume /Users/zhuzhenguo). 3) Re-enable proper SSL/TLS validation for SMTP connections. 4) Inspect and test the scripts in a controlled environment (no real recipients) before sending any emails. 5) Consider rotating the exposed SMTP password if it belongs to you, and avoid using third-party credentials embedded in untrusted packages. The package is internally coherent enough to perform its advertised task, but the credential and path misconfigurations are suspicious and must be corrected before trust.
功能分析
Type: OpenClaw Skill
Name: szzg007-product-promotion
Version: 1.0.1
The skill bundle contains hardcoded SMTP credentials (username and password) and explicitly disables SSL certificate verification in 'scripts/send-email.py'. Additionally, multiple scripts ('scripts/product-promotion.py', 'scripts/email-code-manager.py') and documentation files use hardcoded absolute paths tied to a specific local user environment ('/Users/zhuzhenguo/'), which indicates a lack of portability and potential exposure of local system structures. While these are significant security vulnerabilities and poor practices, they appear to be unintentional flaws rather than an intentional attempt to exfiltrate user data or establish a backdoor.
能力标签
能力评估
Purpose & Capability
Name/description describe image extraction, HTML template generation, asset management and optional email sending — the included scripts implement those features. However the code hard-codes absolute paths under /Users/zhuzhenguo and embeds SMTP credentials in send-email.py instead of using the optional email-config.env the SKILL.md advertises. Requiring/writing to another user's home path and shipping plaintext credentials are not necessary for the stated purpose and are disproportionate.
Instruction Scope
SKILL.md describes using a browser snapshot + curl and optionally reading /Users/zhuzhenguo/.openclaw/workspace-judy/email-config.env, which implies local config. In reality the scripts will create/read/write assets under fixed absolute directories and send mail via a bundled send-email.py that uses embedded credentials and disables SSL verification. The instructions and actual runtime behavior (use of hard-coded paths/credentials and insecure SSL) are inconsistent and broaden the skill's actions beyond what's clearly documented.
Install Mechanism
There is no install spec and no external downloads — the package is delivered as scripts and templates. That lowers supply-chain risk (no arbitrary remote code fetch), though the presence of executable scripts means they will run on the host if installed/invoked.
Credentials
The manifest declares no required env/credentials, but send-email.py contains hard-coded SMTP_USER/SMTP_PASS/SMTP_HOST and SMTP_FROM. Shipping a plaintext SMTP password inside the skill is a serious mismatch with the stated 'optional SMTP config' and is disproportionate to the skill's purpose. This could allow the skill to send email from the author-controlled account without the user's explicit SMTP configuration. Additionally, the code disables certificate verification when connecting to SMTP (insecure).
Persistence & Privilege
The skill does not request elevated platform privileges or always:true. It will create and write files to absolute paths under /Users/zhuzhenguo/.openclaw/workspace and product-promotion-assets, which is normal for a local asset manager but surprising because the paths are hard-coded to another user's home. This may cause unexpected file writes or failures on other systems.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install szzg007-product-promotion - 安装完成后,直接呼叫该 Skill 的名称或使用
/szzg007-product-promotion触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
Re-publish with latest updates
v1.0.0
Initial release of product promotion email generation skill.
- Automatically extracts product images from e-commerce URLs
- Generates high-quality HTML email promotion templates
- Archives all assets to a dedicated material library for easy management
- Supports direct email sending or saving for later
- Utilizes a unique code system for efficient material organization
元数据
常见问题
SZZG007 Product Promotion 是什么?
自动提取商品图片,生成高质量HTML推广邮件模版,支持素材库管理及邮件发送的一体化工具。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 234 次。
如何安装 SZZG007 Product Promotion?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install szzg007-product-promotion」即可一键安装,无需额外配置。
SZZG007 Product Promotion 是免费的吗?
是的,SZZG007 Product Promotion 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
SZZG007 Product Promotion 支持哪些平台?
SZZG007 Product Promotion 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 SZZG007 Product Promotion?
由 szzg007(@szzg007)开发并维护,当前版本 v1.0.1。
推荐 Skills