噗滋慈善 - 文书助手 / pozzzi-charity document-assistant
ReviewAudited by ClawScan on May 17, 2026.
Overview
Prompt-injection indicators were detected in the submitted artifacts (system-prompt-override); human review is required before treating this skill as clean.
Before installing, confirm you trust the model provider and any shared platform packages, avoid entering unnecessary personal or sensitive data, and manually review all generated contracts or formal documents before use. ClawScan detected prompt-injection indicators (system-prompt-override), so this skill requires review even though the model response was benign.
Publisher note
NGO 行政文书草稿生成,含合同 / 会议纪要 / 公函 / 感谢信 / 工作计划 / 协议 6 类。合同类文书的关键法律条款(保密 / 争议解决 / 责任限制等)直接从模板复制,不经 AI 改写以避免错误。用户自带模型 API key
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your chosen model-provider account may be used to generate the documents.
The skill expects the user to provide access to a model provider. This is expected for the document-generation purpose, but users should understand which provider credentials or account authority they are using.
✅ 用户自带模型 API(混元/DeepSeek/豆包,均已各自备案)
Use a trusted model provider, avoid sharing overly broad credentials, and check provider billing/privacy settings before use.
Draft details may be processed by the selected model service.
The generated prompt messages are sent to an injected model client. This is central to the skill's purpose, but the actual data boundary depends on the configured model gateway/provider.
const chatResult = await modelClient.chat(messages, { temperature, maxTokens });Do not include unnecessary personal or highly sensitive information, and verify the configured model provider's data-handling policy.
Someone with access to the local storage could learn that a document was generated for a particular organization and document type.
The skill records local generation history metadata. The code does not show prompt/body logging, but organization and document metadata may persist locally.
await _safeAppendHistory(storage, SKILL_ID, { org_name: input.org_name, document_type: input.document_type, document_subtype: input.document_subtype, timestamp: new Date().toISOString(), ... });Use this on trusted devices and check the platform's storage/history controls if the organization name or document activity is sensitive.
Runtime behavior partly depends on a shared package that was not visible in this submission.
The runtime imports a shared helper outside the provided file manifest. The helper is purpose-aligned with disclaimer injection, but its source was not included in the reviewed artifacts.
const { injectDisclaimer } = require('../../../packages/shared/disclaimer-injector');Prefer installing from a trusted source or verify the shared package used by the platform before relying on the skill for formal documents.