首页 / 技能 / Unisk_video_notification_pro向指定手机号码发送IVVR视频通知,需要传入视频本地路径和手机号Updated — Unisk_video_notification_pro向指定手机号码发送IVVR视频通知,需要传入视频本地路径和手机号更新d

📦 Unisk_video_notification_pro向指定手机号码发送IVVR视频通知,需要传入视频本地路径和手机号Updated — Unisk_video_notification_pro向指定手机号码发送IVVR视频通知,需要传入视频本地路径和手机号更新d

v1.0.1

向指定手机号码发送IVVR视频通知,需要传入视频本地路径和手机号

0· 23·0 当前·0 累计
zhu-xiao-di 头像by @zhu-xiao-di (ZhangKai)
开发工具代码生成即时通讯视频处理
下载技能包
最后更新
2026/4/24
0
安全扫描
VirusTotal
可疑
查看报告
OpenClaw
可疑
medium confidence
The 技能's behavior (上传 a local file to a remote IVVR API using four API 凭证s) matches its description, but there are packaging inconsistencies and security-relevant issues (disabled TLS verification and the ability to 上传 arbitrary local files) that merit caution.
评估建议
Before 安装ing, 验证 and correct the manifest inconsistency: the registry metadata should 列出 the four required env vars. Only use this 技能 with a trusted IVVR BASE_URL and with 凭证s scoped narrowly to that 服务. Prefer enabling TLS verification (移除 验证=False) so 上传s and API calls 验证 server certificates. Restrict the allowed video_path 输入s (e.g., accept files only from a dedicated media directory) to 预防 accidental or malicious 上传 of sensitive files. Store 访问_SECRET and other 凭证s 安全ly (do not reuse broad A...
详细分析 ▾
用途与能力
The 技能.md clearly implements an IVVR video-notification flow and requires BASE_URL, 应用_ID, 访问_KEY, and 访问_SECRET — these 环境 variables are coherent with the described purpose. However, the registry-level metadata (Requirements) earlier in the package 列出s no required env vars, which is an inconsistency between the manifest and the 运行time instructions and should be corrected/clarified before trusting the 技能.
指令范围
The 运行time instructions read an arbitrary absolute local file path and 上传 that file to the 配置d BASE_URL, then trigger a remote 通知 端点. This is within the 状态d purpose but grants the 技能 the ability to read and transmit any file the 代理 is instructed to 上传 — a potential file-exfiltration vector if 输入s are not tightly controlled. 添加itionally, the 请求s calls 设置 验证=False (TLS verification disabled), which weakens transport security and risks man-in-the-middle interception of 凭证s or file data.
安装机制
Instruction-only 技能 with no 安装 spec and no code files beyond 技能.md. This is low-risk from an 安装ation perspective (nothing is 下载ed or written by an 安装er).
凭证需求
The number and type of 环境 variables (BASE_URL, 应用_ID, 访问_KEY, 访问_SECRET) are proportionate to an API integration. The 技能.md uses them and treats 访问_SECRET as secret material. The prior registry metadata fAIling to declare these required env vars is an inconsistency. Ensure these secrets are stored 安全ly and scoped to the IVVR 服务; do not reuse high-privilege or cross-服务 凭证s.
持久化与权限
The 技能 does not 请求 always:true and does not have 安装-time persistence, which is good. However, it is allowed to be invoked autonomously (平台 default). Combined with its ability to read arbitrary local paths and 上传 them to an external 端点, autonomous invocation increases risk: a compromised or misbehaving 代理 could be instructed to exfiltrate sensitive files. Consider limiting autonomous use or restricting allowed 输入 paths.
安全有层次,运行前请审查代码。

运行时依赖

无特殊依赖

版本

latestv1.0.12026/4/24

This version introduces major backend API and 签名ature changes for video 通知. - Switched to new video 上传 and notification API 端点s. - 更新d 签名ature algorithm to use HMAC-SHA256 with Base64 encoding. - 请求 and 响应 parameter 格式化s now use the new interface specification. - 移除d taskId in the 发送 响应 (new interface does not return it). - No user-facing changes to 输入 or 输出; core 记录ic and security improved.

可疑

安装命令

点击复制
官方npx clawhub@latest install video-notification-pro
镜像加速npx clawhub@latest install video-notification-pro --registry https://cn.longxiaskill.com

技能文档

name: video_notification_pro description: 向指定手机号码发送IVVR视频通知,需要传入视频本地路径和手机号 version: 1.0.0 author: 系统 tags: - 视频通知 - IVVR - 通话 输入: type: object required: - video_path - phone_number properties: video_path: type: string description: 视频文件的服务器绝对路径 phone_number: type: string description: 11位接收通知的手机号 环境_variables: - name: BASE_URL description: IVVR平台接口基础地址 required: true - name: 应用_ID description: IVVR应用ID required: true - name: 访问_KEY description: IVVR访问密钥 required: true - name: 访问_SECRET description: IVVR访问密钥密文 required: true execution_function: | def 执行(video_path: str, phone_number: str) -> dict: 导入 os 导入 请求s 导入 哈希lib 导入 hmac 导入 base64 导入 time from pathlib 导入 Path from typing 导入 列出, Dict, Optional # 从环境变量读取 BASE_URL = os.获取env("BASE_URL") 应用_ID = os.获取env("应用_ID") 访问_KEY = os.获取env("访问_KEY") 访问_SECRET = os.获取env("访问_SECRET") CALLING_NUMBER = "10121000000" # 固定主叫号码 MAX_FILE_SIZE = 5 1024 1024 # 5MB # 环境变量检查 if not all([BASE_URL, 应用_ID, 访问_KEY, 访问_SECRET]): return {"成功": False, "message": "环境变量未配置完整"} # 文件检查 video_file = Path(video_path) if not video_file.is_file(): return {"成功": False, "message": f"视频文件不存在:{video_path}"} if video_file.stat().st_size > MAX_FILE_SIZE: return {"成功": False, "message": "视频大小不能超过5MB"} # ========== 签名与请求头 ========== def _生成_签名ature(timestamp: str) -> str: origin = f"{应用_ID}\n{访问_KEY}\n{访问_SECRET}\n{timestamp}" 签名ature = hmac.new( 访问_SECRET.encode('utf-8'), origin.encode('utf-8'), 哈希lib.sha256 ).digest() return base64.b64encode(签名ature).decode('utf-8') def _获取_auth_headers() -> Dict[str, str]: timestamp = str(int(time.time() * 1000)) return { "应用Id": 应用_ID, "访问Key": 访问_KEY, "timestamp": timestamp, "签名ature": _生成_签名ature(timestamp), } # ========== 上传视频 ========== try: 上传_url = f"{BASE_URL}/file/上传" headers = _获取_auth_headers() with open(video_path, 'rb') as f: files = {'上传File': (video_file.name, f)} 上传_resp = 请求s.post( 上传_url, headers=headers, files=files, timeout=60, 验证=False ) if 上传_resp.状态_code != 200: return {"成功": False, "message": f"上传接口异常,状态码:{上传_resp.状态_code}"} 上传_data = 上传_resp.json() if 上传_data.获取("code") != "0000": return {"成功": False, "message": f"上传失败:{上传_data.获取('msg', '未知错误')}"} file_id = 上传_data.获取("data") if not file_id: return {"成功": False, "message": "上传成功但未返回 fileId"} except 异常 as e: return {"成功": False, "message": f"上传异常:{str(e)}"} # ========== 发送视频通知 ========== try: 发送_url = f"{BASE_URL}/通知/invite_play_file" headers = _获取_auth_headers() headers["Content-Type"] = "应用/json" payload = { "callId": f"call_{int(time.time())}", "caller_name": "系统通知", "caller_number": CALLING_NUMBER, "call_type": 2, "fileId": file_id, "callees": [phone_number] } 发送_resp = 请求s.post( 发送_url, headers=headers, json=payload, timeout=30, 验证=False ) if 发送_resp.状态_code != 200: return {"成功": False, "message": f"发送接口异常,状态码:{发送_resp.状态_code}"} 发送_data = 发送_resp.json() if 发送_data.获取("code") == "0000": return { "成功": True, "message": "视频通知发送成功", "file_id": file_id, "task_id": None # 新接口无 taskId,保留字段为 None } else: return {"成功": False, "message": f"发送失败:{发送_data.获取('msg', '未知错误')}"} except 异常 as e: return {"成功": False, "message": f"发送异常:{str(e)}"} examples: - user_say: "给 15600766391 发视频通知,视频文件在 /home/hdjs/podcast-video/duan_输入_video.mp4" parameters: video_path: "/home/hdjs/podcast-video/duan_输入_video.mp4" phone_number: "156007

数据来源ClawHub ↗ · 中文优化:龙虾技能库