Stakeholder Update Drafter
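v1.0.0
Produces boss, client, execution-team, and risk-transparent versions of a project update from the same set of facts; use for stakeholder, status-update, communication workflows; do not use for exaggerating achievements or concealing key risks.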
byvx:17605205782@52yuanchangxing
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description, SKILL.md, resources, templates, and scripts all align: the tool formats inputs into multiple audience drafts and can optionally run a local Python script to produce or audit reports. Requiring python3 is proportionate.
Instruction Scope
SKILL.md advises reformatting user input and optionally running scripts/run.py. The script legitimately reads files, directories, and input text (to build reports or audit a codebase). That means if an operator supplies a broad path (e.g., / or a home directory) the script will read many local files — this is expected for a local audit tool but could expose sensitive files if misused. The SKILL.md includes safety guidance (do not fabricate, desensitize PII), which helps, but users should avoid running it against sensitive system paths.
Install Mechanism
No install spec; instruction-only plus a local Python script. No downloads or external installers are requested, so nothing is written to disk other than through the provided script and resources.
Credentials
Requires only python3; no environment variables, credentials, or config paths are requested. The script contains regex patterns to detect secrets/dangerous commands but does not attempt to read environment variables or network credentials.
Persistence & Privilege
always:false and user-invocable:true. The skill does not request persistent system privileges or modify other skills. It can write an output file when run with --output, which is reasonable and documented.
Scan Findings in Context
[PATTERNS:curl_pipe_bash] expected: The script includes a regex to detect 'curl | bash' patterns in scanned files; this is expected for a local audit/pattern detector and not an indicator of the script performing such network actions itself.
[PATTERNS:dangerous_rm] expected: The script searches for risky 'rm -rf' patterns when auditing content. This is consistent with an auditing utility.
[PATTERNS:base64_exec] expected: The script looks for base64 decode + exec chains in scanned files. This is a defensive scanning pattern, expected for a repo/audit tool.
[PATTERNS:secret_like] expected: The script includes heuristics to mask/identify likely secrets (api_key, token, secret). This is appropriate for detecting leaked secrets in local files; the script does not transmit them externally.
[PATTERNS:private_url] expected: The script flags private/internal URL paths when scanning content — expected for auditing.
Assessment
This skill appears coherent and low-risk: it only requires python3 and contains a local script plus templates to produce multi-audience status updates or to audit directories/files. Before running: (1) review scripts/run.py yourself (it is included) to confirm you are comfortable with its file-reading behavior; (2) do not pass root or broadly permissive directories as --input if you have sensitive files (the script will read many file types); (3) run smoke-test locally in a sandbox or test workspace first; (4) the skill does not perform network exfiltration or request credentials, but avoid feeding it secrets or PII unless you intend them to be processed locally. If you need the agent to run this autonomously, consider restricting the input paths and reviewing logs/output to avoid accidental exposure.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
📣 Clawdis
OS: macOS · Linux · Windows
Bins: python3
