Auto Quotation System OpenClaw
v1.0.4Build a reusable quotation workflow for software projects from markdown requirements, feature outlines, or mind-map screenshots that have been transcribed in...
⭐ 0· 80·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
Name/description align with the included artifacts: multiple Python scripts for DOCX extraction, sample libraries, calibration profiles, templates, and example outputs are exactly what a quotation generator would need. Minor incoherence: the skill metadata declares no required binaries, but the SKILL.md explicitly runs 'python' scripts — so Python is effectively required but not declared.
Instruction Scope
SKILL.md gives explicit, bounded instructions: normalize input, mine a local DOCX corpus, run specific generator scripts, and produce markdown/JSON/DOCX outputs. The instructions access only user-supplied local files/directories (e.g., /path/to/history-docx-dir, /tmp/...), which is expected for this purpose. They do not instruct the agent to read unrelated system files or to send data to unknown external endpoints.
Install Mechanism
No install spec (instruction-only) and no downloads or external installers are present; risk from installation is low. The included code is Python scripts that will be executed locally — there is no automated fetching of remote archives or obscure installers in the repository.
Credentials
The skill declares no required environment variables or credentials, which is appropriate. A small note: configuration files (assets/quotation-mode.json) include absolute user-local paths (e.g., /Users/m1/.codex/skills/..., /tmp/...), which appear to be example/sample paths and not secrets — still, they reveal developer-local paths and should be sanitized if reused. Also remember that processing historical DOCX files may expose sensitive content from any files you give it.
Persistence & Privilege
The skill is not always-enabled and does not request system-wide persistence or modify other skills. Autonomous model invocation is allowed but that is the platform default; no extra privileges are requested.
Assessment
This skill appears to do what it says: it's a local quotation generator built around Python scripts plus JSON/MD assets. Before running it: (1) ensure you have Python available (SKILL.md calls 'python' though the metadata doesn't list it); (2) inspect the scripts if you want to confirm there are no network calls, telemetry, or hidden endpoints (the repo provided here is large but the visible files are consistent with local DOCX parsing and JSON/MD output); (3) run it in an isolated or test directory first and avoid feeding it sensitive documents until you're confident of behavior; (4) sanitize or update example absolute paths in assets (they are benign examples but might not apply to your system); (5) if you need stronger assurance, run the scripts with network blocked (air-gapped) and review the script sources for any use of requests/http/socket or external API keys before supplying production data.Like a lobster shell, security has layers — review code before you run it.
docxvk97ev8dtfbz691sj1nas69mtw984dwntlatestvk97ev8dtfbz691sj1nas69mtw984dwntopenclawvk97ev8dtfbz691sj1nas69mtw984dwntquotationvk97ev8dtfbz691sj1nas69mtw984dwntwindowsvk97ev8dtfbz691sj1nas69mtw984dwnt
License
MIT-0
Free to use, modify, and redistribute. No attribution required.