Pozzzi Charity Report Assistant (噗滋慈善 - 报告助手) / pozzzi-charity report-assistant
Review
Audited by ClawScan on May 16, 2026.
Overview
Prompt-injection indicators (system-prompt-override) were detected in the submitted artifacts; human review is required before treating this skill as clean, even though the model response seen in the artifacts was benign.
Before using this skill with real NGO data: verify that the install source is trusted and check the shared dependencies it pulls in, use scoped model-provider credentials, desensitize beneficiary stories, keep individual-level data on under-14s out of the prompts, and manually review every generated legal or financial report draft before submission.
Publisher note
Open-source public-welfare tool; users bring their own model API (Hunyuan (混元)/DeepSeek/Doubao (豆包)); it makes no calls to any overseas network.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Some safety-critical behavior, such as disclaimer injection and gateway/storage handling, depends on components not fully shown in the submitted artifacts.
The workflow depends on a shared helper outside the submitted file tree, and related gateway/storage components are injected rather than fully included. This is a transparency/provenance note, not evidence of malicious behavior.
const { injectDisclaimer } = require('../../../packages/shared/disclaimer-injector');
Install only from a trusted source and verify the exact shared packages, model gateway, and storage adapter used in your environment.
Your model-provider account may be used to process the report prompts.
The skill expects access to user-provided model-provider credentials or delegation. This is expected for report generation, and the artifacts do not show hardcoded keys or credential logging.
✅ Users bring their own model API (Hunyuan (混元)/DeepSeek/Doubao (豆包), each with its own regulatory filing)
Use least-privilege or dedicated API keys where possible, and check provider billing, retention, and data-use policies before sending sensitive NGO data.
Report content may be processed by the selected model provider or gateway.
The generated prompt messages are sent to an injected model client/gateway. This is the core purpose of the skill, but those prompts can contain structured report, financial, project, and beneficiary-story data.
const chatResult = await modelClient.chat(messages, { ... maxTokens });
Do not include identifiable beneficiary stories or unnecessary personal data; confirm that the configured model provider and gateway meet your privacy requirements.
Some report-generation metadata may remain available locally for months.
The skill discloses persistent local logs and history. The stated scope excludes the prompt body, and the workflow shown logs metadata such as organization name, report type, model, provider, and duration.
Logs retained ≥6 months, prompt body not included ... storage-adapter — local data storage (logs, history)
Review where the local storage adapter writes data and whether its retention policy is acceptable for your organization.
