Contract Auditor

v1.0.0

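Contract audit Skill - AI-assisted review of contract clauses to identify risks and issues.

Features:
- Automatically extracts contract text (Word format)
- Reviews amount clauses (consistency, payment milestones, liquidated damages)
- Reviews delivery clauses (timing, standards, liability for delay)
- Reviews compliance (signatures and seals, dates, key clauses)
- Risk alerts (unfavorable clauses, vague wording)
- Generates an audit report + annotated document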

MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (contract audit, Word extraction, clause checks, annotated outputs) match the included code files: text extraction, analyzers for payment/delivery/compliance/risk, and annotators for Markdown/Word. No unrelated env vars, binaries, or cloud credentials are requested.
Instruction Scope
SKILL.md instructs users to send Word files and describes generating reports and annotated Word/Markdown outputs. The code implements those flows. One minor note: the documentation promises temporary storage and deletion of files, but in the reviewed files there is configuration for temp_dir/retention_days yet no explicit automatic deletion/purge implementation was visible in the reviewed snippets — this is an implementation detail to verify if you care about strict retention guarantees.
Install Mechanism
No install spec is included (instruction-only skill with code files). Dependencies are standard Python libraries (python-docx, optional pdf/OCR libs commented in requirements.txt). No external downloads, unknown URLs, or extract/install steps were present in the package.
Credentials
The skill requests no environment variables, no credentials, and no config paths beyond its own temp_dir in a config example. All environment access is proportional to processing local contract files. There are no calls to external endpoints or secret exfiltration patterns in the reviewed code.
Persistence & Privilege
always is false and autonomous invocation is allowed (platform default). The skill does not request permanent platform-wide privileges or modify other skills. It reads and writes local files (input contract and annotated output), which is expected for its purpose.
Assessment
This skill appears to do what it says: extract text from Word contracts, run heuristic analyses, and produce Markdown or annotated Word outputs. Before installing or using it consider:
1) Data privacy: audit where the agent runtime will store uploaded contracts (config shows /tmp/contract_auditor and retention_days) and confirm files are removed per your policy, since I did not find an explicit purge implementation in the reviewed snippets.
2) Dependencies: python-docx is required for Word annotation; optional PDF/OCR libraries are commented out. Ensure those are installed only if you need PDF/OCR.
3) Legal scope: the tool is heuristic-based (regex and simple rules); do not treat outputs as legal advice—have a lawyer review important contracts.
4) Runtime environment: run the skill in a trusted/local environment if contracts contain sensitive business data; verify the agent platform does not forward files to external services.
5) If you need stronger guarantees (audit logging, automatic secure deletion), request or inspect the parts of the codebase that implement storage/retention and file-deletion behavior before relying on it.

Like a lobster shell, security has layers — review code before you run it.

latestvk979bqh4smprxw20e6v9bdyvmh83hcae
