Ping An Insurance Advisor Assistant

Pass

Audited by VirusTotal on May 6, 2026.

Overview

Type: OpenClaw Skill
Name: pingan-insurance-advisor
Version: 1.0.0

The skill bundle is a legitimate insurance advisor tool designed to guide an AI agent through a standard operating procedure (SOP) for customer needs analysis and product recommendation. It includes functional Python scripts for matching insurance products (`product_matcher.py`) and generating PDF reports (`generate_report.py`), along with a structured product database (`pingan_products.json`). While the skill collects sensitive personal, health, and financial information, this behavior is entirely consistent with its stated purpose as an insurance advisory tool, and there is no evidence of malicious intent, data exfiltration to unauthorized endpoints, or harmful prompt injection.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Customer health, financial, and identity information may be retained in reports or customer files.

Why it was flagged

The SOP expects customer records to include identity, health disclosure, coverage analysis, policies, and communication history.

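Skill content

Customer file contents: basic information form, health disclosure records, coverage gap analysis, proposal document, policy summary table, communication records

Recommendation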

Get customer consent, minimize unnecessary fields, define where records are stored, and set retention/access controls before using it with real customer data.

What this means

Sensitive customer information could become accessible according to the Feishu document’s workspace and sharing settings.

Why it was flagged

The report workflow may put the completed insurance analysis into a Feishu cloud/workspace document, but sharing and access boundaries are not specified.

Skill content

Feishu document - text version of the proposal, editable and shareable (recommended)

Recommendation

Verify the Feishu account, document permissions, and sharing settings before generating reports containing medical or financial details.

What this means

The agent may create or modify Feishu documents as part of report generation.

Why it was flagged

If the Feishu tool is available, the skill can create or write documents using the user’s workspace permissions.

Skill content

feishu_doc action=write doc_token=<文档token> content="完整markdown内容"

Recommendation

Use least-privilege Feishu access and write only to the report document the user approved.

What this means

A user may need to install an unpinned Python package manually to use PDF generation.

Why it was flagged

PDF generation depends on reportlab, but the registry has no install spec or pinned dependency declaration.

Skill content

print("Error: reportlab not installed. Run: pip install reportlab")

Recommendation

Install dependencies from trusted sources and consider pinning reportlab to a reviewed version.