Return Policy
v2.3.6退换货政策生成。电商退货政策、实体店政策、国际退货、退款流程、模板库、FAQ。Return policy generator. 退换货、退款政策。
⭐ 0· 346·0 current·0 all-time
bybytesagain4@xueyetianya
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill's name/description (return-policy generator) matches the included scripts and SKILL.md. Minor inconsistency: the bundled scripts invoke python3 but the registry metadata lists no required binaries. In practice python3 (and a POSIX shell) are required for the scripts to run; this is a small metadata omission rather than malicious behavior.
Instruction Scope
The SKILL.md and scripts instruct the agent to run local commands and generate policy text/HTML. The runtime instructions do not access network endpoints or read arbitrary system files. The scripts do create and append to files under a data directory (default: ${XDG_DATA_HOME:-$HOME/.local/share}/return-policy), so the skill will persist user-provided entries/logs on disk. This is expected for a local utility but worth noting.
Install Mechanism
No install spec / no remote downloads. The skill is instruction-and-script-only; nothing is pulled from external URLs at install time, which minimizes risk.
Credentials
The skill does not request credentials or secrets. It does read standard environment variables (XDG_DATA_HOME, HOME) and honors an optional RETURN_POLICY_DIR to override storage path; RETURN_POLICY_DIR is not declared in requires.env metadata. This is reasonable, but users should be aware they can change RETURN_POLICY_DIR to point to arbitrary paths (so avoid setting it to sensitive system locations).
Persistence & Privilege
The skill is not always-enabled and does not request elevated privileges. It only persists data under a per-user data directory and its own history.log/data.log files. There is no attempt to modify other skills or system-wide configurations.
Assessment
This skill appears to be a straightforward local return-policy generator. Before installing or running it: (1) know that it will create a data directory (by default ~/.local/share/return-policy) and write logs/data there; (2) it requires a POSIX shell and python3 to run (these were not listed in the metadata); (3) you can override where it stores data by setting RETURN_POLICY_DIR — do not point that to sensitive system or credential directories; (4) the scripts do not connect to the network or ask for secrets. If you want to be extra cautious, inspect the scripts on disk and run them in a restricted environment (container or throwaway user) before giving them access to important files.Like a lobster shell, security has layers — review code before you run it.
latestvk97f7cesfwxsqfbqar09vq84kh833qt4productivityvk97e320axnpg035ppjgn7w85ad82ss10
License
MIT-0
Free to use, modify, and redistribute. No attribution required.