← 返回 Skills 市场
85
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install video-notification-pro
功能描述
向指定手机号码发送IVVR视频通知,需要传入视频本地路径和手机号
安全使用建议
Before installing, verify and correct the manifest inconsistency: the registry metadata should list the four required env vars. Only use this skill with a trusted IVVR BASE_URL and with credentials scoped narrowly to that service. Prefer enabling TLS verification (remove verify=False) so uploads and API calls verify server certificates. Restrict the allowed video_path inputs (e.g., accept files only from a dedicated media directory) to prevent accidental or malicious upload of sensitive files. Store ACCESS_SECRET and other credentials securely (do not reuse broad AWS/SSH/etc. secrets). If you allow autonomous invocation for this skill, be aware it can read and upload arbitrary local files; consider disabling autonomous invocation or adding path-validation safeguards if you cannot fully trust the agent or the remote service.
功能分析
Type: OpenClaw Skill
Name: video-notification-pro
Version: 1.0.1
The skill exhibits risky behavior by disabling SSL certificate verification (`verify=False`) in multiple `requests.post` calls within `SKILL.md`, which exposes sensitive API credentials and data to man-in-the-middle attacks. Furthermore, the tool allows the agent to read and upload any local file (up to 5MB) to a remote endpoint defined by the `BASE_URL` environment variable; without path restricted to a specific directory, this could be exploited for data exfiltration of sensitive system files if the agent is manipulated via prompt injection.
能力评估
Purpose & Capability
The SKILL.md clearly implements an IVVR video-notification flow and requires BASE_URL, APP_ID, ACCESS_KEY, and ACCESS_SECRET — these environment variables are coherent with the described purpose. However, the registry-level metadata (Requirements) earlier in the package lists no required env vars, which is an inconsistency between the manifest and the runtime instructions and should be corrected/clarified before trusting the skill.
Instruction Scope
The runtime instructions read an arbitrary absolute local file path and upload that file to the configured BASE_URL, then trigger a remote notify endpoint. This is within the stated purpose but grants the skill the ability to read and transmit any file the agent is instructed to upload — a potential file-exfiltration vector if inputs are not tightly controlled. Additionally, the requests calls set verify=False (TLS verification disabled), which weakens transport security and risks man-in-the-middle interception of credentials or file data.
Install Mechanism
Instruction-only skill with no install spec and no code files beyond SKILL.md. This is low-risk from an installation perspective (nothing is downloaded or written by an installer).
Credentials
The number and type of environment variables (BASE_URL, APP_ID, ACCESS_KEY, ACCESS_SECRET) are proportionate to an API integration. The SKILL.md uses them and treats ACCESS_SECRET as secret material. The prior registry metadata failing to declare these required env vars is an inconsistency. Ensure these secrets are stored securely and scoped to the IVVR service; do not reuse high-privilege or cross-service credentials.
Persistence & Privilege
The skill does not request always:true and does not have install-time persistence, which is good. However, it is allowed to be invoked autonomously (platform default). Combined with its ability to read arbitrary local paths and upload them to an external endpoint, autonomous invocation increases risk: a compromised or misbehaving agent could be instructed to exfiltrate sensitive files. Consider limiting autonomous use or restricting allowed input paths.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install video-notification-pro - 安装完成后,直接呼叫该 Skill 的名称或使用
/video-notification-pro触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
This version introduces major backend API and signature changes for video notifications.
- Switched to new video upload and notification API endpoints.
- Updated signature algorithm to use HMAC-SHA256 with Base64 encoding.
- Request and response parameter formats now use the new interface specification.
- Removed taskId in the send response (new interface does not return it).
- No user-facing changes to input or output; core logic and security improved.
v1.0.0
Initial release: send IVVR video notifications to a specified mobile number.
- Supports sending video notifications by uploading a local video file (≤5MB) and specifying a receiver's 11-digit phone number.
- Requires configuration of BASE_URL, APP_ID, ACCESS_KEY, and ACCESS_SECRET environment variables.
- Validates video existence and size before upload.
- Clear error and success messages returned.
- Simple usage: just provide phone number and video file path.
元数据
常见问题
unisk_video_notification_pro 是什么?
向指定手机号码发送IVVR视频通知,需要传入视频本地路径和手机号. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 85 次。
如何安装 unisk_video_notification_pro?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install video-notification-pro」即可一键安装,无需额外配置。
unisk_video_notification_pro 是免费的吗?
是的,unisk_video_notification_pro 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
unisk_video_notification_pro 支持哪些平台?
unisk_video_notification_pro 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 unisk_video_notification_pro?
由 ZhangKai(@zhu-xiao-di)开发并维护,当前版本 v1.0.1。
推荐 Skills