anyshare-contract-rule-review

Review

Audited by ClawScan on May 11, 2026.

Overview

The skill appears coherent and non-malicious, but it needs an AnyShare bearer token and uploads contract files/reports to AnyShare, including creating share links.

Before installing, confirm you are comfortable uploading the selected contracts to AnyShare, storing review reports there, and generating share links. Keep the AnyShare token private, review link permissions, and delete any temporary local copies created during troubleshooting.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone with access to this configured token may be able to act on the user's AnyShare documents according to the token's permissions.

Why it was flagged

The skill requires an AnyShare bearer token with access to the user's document library. This is purpose-aligned, but it is sensitive account authority.

Skill content

The token must be configured in advance in `~/.openclaw/workspace/config/mcporter.json` ... "Authorization": "Bearer <your_token_here>"

Recommendation

Use a least-privilege AnyShare token if available, keep mcporter configuration private, rotate the token if exposed, and remove the token when no longer needed.

What this means

The skill can add contract files and reports to AnyShare and create links that may allow others to access those outputs depending on AnyShare permissions.

Why it was flagged

The documented workflow uses MCP/API operations to create cloud folders, upload files, save reports, and create sharing links. These are disclosed and central to the skill, but they mutate cloud data and can expose shared content if misconfigured.

Skill content

Create the directory structure → upload the original contract → ... → save the review report → generate a share link ... dir_create ... file_osendupload ... file_sharedlink_realname_create

Recommendation

Review the target folder, uploaded file, and share-link permissions before use; prefer expiring or access-restricted links for sensitive contracts.

What this means

Contract text and generated review results will be processed and stored in the AnyShare environment rather than staying only on the local machine.

Why it was flagged

The skill sends the selected contract through the AnyShare MCP/API flow and invokes an AnyShare review skill. This is disclosed and purpose-aligned, but contract contents are sensitive business data.

Skill content

Upload the contract file from the desktop to the AnyShare personal document library ... invoke the `__规则审阅__1` skill to perform the review

Recommendation

Use this only for contracts you are allowed to upload to AnyShare, confirm the AnyShare tenant/account is correct, and verify retention and sharing policies.