Pozzzi Charity (噗滋慈善) - Application Assistant / pozzzi-charity application-assistant
Review
Audited by ClawScan on May 17, 2026.
Overview
Prompt-injection indicators were detected in the submitted artifacts (system-prompt-override); human review is required before treating this skill as clean.
Before installing, be comfortable sharing NGO project, organization, and budget information with the configured model provider. Use a scoped API key if possible, check local log retention/deletion behavior, and manually review all generated application drafts and placeholders before submission. ClawScan detected prompt-injection indicators (system-prompt-override), so this skill requires review even though the model response was benign.
Publisher note
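NGO nonprofit-management RAG knowledge-base consultation covering 5 categories: charity regulations / compliance operations / organizational governance / finance and taxation / human resources. Every answer carries a hard-coded mandatory disclaimer ("This answer does not constitute legal advice; consulting a professional lawyer or tax advisor is recommended") plus knowledge-base source attribution. Consultation only, no business operations are executed; users bring their own model API key.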
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may consume quota or incur costs on the user's chosen model-provider account.
The skill expects the user's model-provider API access to be used, even though the registry requirements list no required credential. This is purpose-aligned for an AI drafting tool, but it is still account/API authority.
✅ Users bring their own model API (Hunyuan / DeepSeek / Doubao, each with its own regulatory filing)
Use a limited-scope API key where possible, monitor provider usage, and avoid sharing credentials outside the intended model-gateway flow.
Sensitive project or organizational details could be sent to the configured model provider, subject to that provider's data handling policies.
The workflow sends the generated prompt/messages to an injected model client. This is expected for generating application drafts, but it means selected organization, project, and budget information may be processed by a model provider.
const chatResult = await modelClient.chat(messages, { temperature: 0.5, maxTokens, });
Confirm which model provider is configured, review its privacy terms, and avoid entering unnecessary personal or confidential details.
Local history/log records may reveal which organization generated which type of funding application and when.
The skill writes audit and history records through a storage adapter. The visible fields are limited metadata rather than prompt text or generated content, but they are persistent records about the user's organization and application activity.
await _safeAppendAuditLog(storage, { event: 'application_generated', org_name: input.org_name, application_type: input.application_type, ... });
...
await _safeAppendHistory(storage, SKILL_ID, { org_name: input.org_name, application_type: input.application_type, ... });
Check where the storage adapter keeps logs, who can access them, and how to delete them if the application data is sensitive.
A complete source review cannot verify the behavior of that shared helper or other injected services from the submitted files alone.
The code imports a shared package outside the supplied file manifest. This appears to be a normal shared helper for disclaimer injection, but its implementation is not included in the provided artifacts.
const { injectDisclaimer } = require('../../../packages/shared/disclaimer-injector');
If running from source, review the referenced shared packages and injected model/storage adapters before use.
