Contract Check
v1.0.1通用商务合同审核与风险检测技能。安装后必须先引导用户完成企业商业底线配置,之后才能审核合同。支持PDF/Word/文本格式合同审核,输出结构化审核报告,包含否决项、警告项和改进建议。当用户要求审核合同、检查合同风险、审查合同条款、合同自审、合同红线检查时激活。
⭐ 0· 81·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (contract review, redline checks) match the actual behavior: reading reference templates, asking configuration questions, scanning contract text against configured redlines and keywords. No unrelated credentials, binaries, or external services are requested.
Instruction Scope
SKILL.md stays within the contract-review domain (initialization, per-review checks, redline rules). It explicitly instructs reading/writing a single config file under ~/.openclaw/workspace/.contract-review-config.json and reading bundled reference files. One runtime command example uses exec (cat) to check file existence; the command is static and limited in scope. Recommendation: be aware the skill will persistently store business configuration and contract-related data locally.
Install Mechanism
Instruction-only skill with no install spec, no external downloads, and no code files to execute. This is the lowest-risk install posture and matches the content.
Credentials
The skill requests no environment variables, credentials, or external endpoints. It does write and read a local config file containing potentially sensitive company/business rules (company name, financial thresholds, IP policy). Requesting local file read/write access is proportional to purpose but users should recognize that sensitive business policy data will be stored on disk.
Persistence & Privilege
The skill persists its own configuration at ~/.openclaw/workspace/.contract-review-config.json and provides commands to view/modify/reset it. 'always' is false and the skill does not modify other skills or global settings. Persistent storage of configuration is expected for this use case but users should be aware of the local file presence and lifecycle.
Assessment
This skill appears internally consistent for reviewing contracts and enforcing per‑company redlines. Before installing, note: (1) it will create and read a persistent config file at ~/.openclaw/workspace/.contract-review-config.json — that file will contain company name, role (甲方/乙方) and business thresholds, so avoid storing secrets you wouldn't want on disk; (2) it runs a simple shell check (cat) to detect the config file — the command shown is static, but you should ensure the agent runtime environment is trusted and sandboxed; (3) the skill does not use network or request credentials, so data remains local unless your agent runtime explicitly forwards it elsewhere; (4) you can review and delete the config file via the skill's '重置配置' command if you want to remove persistent data. If you need stronger guarantees (encryption at rest, retention policy, or avoidance of writing persistent data), ask the publisher or avoid enabling persistence.Like a lobster shell, security has layers — review code before you run it.
latestvk97fgx2ag37w7jms548qwanvvd8406rp
License
MIT-0
Free to use, modify, and redistribute. No attribution required.