保险顾问助手Pro

Pass. Audited by ClawScan on May 6, 2026.

Overview

This appears to be a coherent insurance-planning helper, but it handles sensitive customer health and financial information and may place it into reports or Feishu documents.

Use this skill only with appropriate client consent. Be careful with real names, medical history, income, debt, and existing policy details; store reports only in approved locations, check Feishu sharing permissions, and verify any package dependency before installing it.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Client health, financial, and identity information could remain in reports, notes, or agent context if the user stores it.

Why it was flagged

The SOP explicitly contemplates maintaining customer files that include identity, health disclosure, insurance, and communication records. This is aligned with insurance planning, but it is sensitive data that should not be retained or reused without consent and controls.

Skill content
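Customer file contents
- Basic information form
- Health disclosure record
- Coverage gap analysis
- Plan proposal
- Policy summary table
- Communication records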
Recommendation

Collect only necessary information, get client consent, avoid unnecessary identifiers, and store any customer files in approved systems with retention and access controls.

What this means

Sensitive client information may be stored in or shared through Feishu documents if the report option is used.

Why it was flagged

The recommended report path can send the complete insurance recommendation content, likely including KYC details, to a Feishu document provider. This is disclosed and follows user confirmation, but the artifacts do not define document permissions, workspace retention, or sharing boundaries.

Skill content
Feishu document - text version of the plan, editable and shareable (recommended) ... feishu_doc action=create title="保险方案建议书" content="完整markdown内容"
Recommendation

Before creating Feishu reports, confirm the client consents, verify document permissions, and avoid including unnecessary medical or financial details.

What this means

Report generation may fail until a dependency is installed, and an unpinned manual package install can introduce supply-chain risk.

Why it was flagged

The report generator depends on reportlab, but the registry lists no install spec or required dependencies. The dependency is purpose-aligned for PDF generation, but if installed later it should be sourced and pinned deliberately.

Skill content
except ImportError:
    print("Error: reportlab not installed. Run: pip install reportlab")
Recommendation

Install dependencies only from trusted package sources, prefer pinned versions, and document the runtime requirements before using the report generator.