免费版
v1.3.0Upload a contract to receive an AI-generated risk analysis with flagged clauses, plain explanations, negotiation tips, and missing protection checkpoints.
⭐ 0· 112·1 current·1 all-time
byMrReiyWsL@a799549967-lang
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name, description, triggers and SKILL.md all describe clause-by-clause contract review, risk scoring, missing-protection checklist and negotiation suggestions. The skill does not request unrelated binaries, environment variables, or config paths, which is proportionate to its stated purpose.
Instruction Scope
Runtime instructions are scoped to ingesting uploaded contract files or pasted text and producing a structured report. The SKILL.md repeatedly asserts that files 'only' flow between local OpenClaw and the user's configured AI, and mentions supported external AI providers (阿里云百炼, DeepSeek) and entering keys in OpenClaw — that data-flow/privacy statement is a claim in prose and not enforced by any install or config in the skill bundle itself, so users should verify where data is actually sent by their OpenClaw agent and the chosen provider.
Install Mechanism
No install spec or code files are present (instruction-only skill). Nothing is downloaded or written to disk by the skill package itself, which minimizes supply-chain risk.
Credentials
The skill declares no required environment variables or credentials. However, it assumes the user has configured an AI backend (and mentions third-party providers) which may require API keys in the user's OpenClaw environment — those keys are external to the skill and not requested by it. Users should ensure any provider keys they configure have appropriate scope and trust level.
Persistence & Privilege
always is false and the skill does not request or modify system-level configs. It is user-invocable only, so it will not be force-included in every agent run.
Assessment
This skill appears to do what it says (contract scanning) and does not ask for extra credentials or install code. Before using it with sensitive contracts: 1) Verify where your files are sent — check your OpenClaw agent's configured AI provider and its privacy/retention policy; 2) If you must upload sensitive or regulated documents, prefer an on-prem or trusted provider or consult a lawyer instead of relying solely on AI; 3) Be cautious about paid setup offers or contact handles (the SKILL.md references Telegram @ShuaigeSkillBot and paid configuration services) — verify the seller independently before paying; 4) Test the skill with a redacted or dummy contract first to confirm output format and that no unexpected external endpoints are contacted; 5) If you need stronger guarantees (attorney–client privilege, non‑disclosure), consult a qualified lawyer rather than relying exclusively on this tool.Like a lobster shell, security has layers — review code before you run it.
latestvk972fbffjq4ascsgcgsdpfzb2x83vnjk
License
MIT-0
Free to use, modify, and redistribute. No attribution required.