ClawHub

Proposal Comparator

v1.0.0

对比多个方案文档,输出差异、隐含成本、风险与推荐结论。;use for proposal, comparison, decision workflows;do not use for 忽略用户给的约束, 伪造数据支持结论.

0· 102·0 current·0 all-time
byvx:17605205782@52yuanchangxing
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (proposal comparison, risks, recommendations) match the included resources and the local script. Requested runtime (python3) is appropriate and sufficient for the script's behavior; no unrelated credentials, binaries, or install actions are declared.
Instruction Scope
SKILL.md instructs producing structured results from supplied inputs and optionally running scripts/run.py. The script reads files and directories provided via --input and will scan many plaintext file types (.md,.json,.py,.sh,.csv, etc.). This is coherent for a document-audit skill, but if a user gives a sensitive system path (e.g., / or home dir) the script will read those files — the behavior is expected but requires users to control what input they pass.
Install Mechanism
No install spec; skill is instruction-only with a local Python script. No downloads, package installs, or external installers are present.
Credentials
No environment variables, secrets, or external credentials are requested. The script operates on user-supplied filesystem paths only, which aligns with the stated purpose.
Persistence & Privilege
always is false; the skill does not request permanent presence nor modify other skills or global agent config. It is a read/analysis tool and does not persist credentials or change system state by default.
Assessment
This skill appears safe and coherent for comparing proposals and auditing local documents. Before running: 1) inspect scripts/run.py (already included) if you want to verify behavior; 2) avoid passing broad or sensitive filesystem roots as --input (do not point it at /, your home, or system directories) — instead provide a controlled directory or files you want analyzed; 3) run with --dry-run or on a copy of sensitive data (or after redaction) if inputs may contain PII; 4) if you need networked evidence, do not expect the skill to fetch it — it is designed for local-only analysis. If you want higher assurance, run the script inside a sandbox/container and review outputs before acting on recommendations.

Like a lobster shell, security has layers — review code before you run it.

latestvk973wdyhr0c5qdp11871q6gfs98360ft

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧪 Clawdis
OSmacOS · Linux · Windows
Binspython3

Comments