中国法律合规AI技能包
v1.0.0提供50个面向中国企业的AI法律合规自动化技能,涵盖合同审查、法律问答、劳动合规、知识产权及数据保护等领域。
⭐ 0· 189·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The 50 included Python scripts implement the contract, labor, IP, data, and enterprise-compliance features described in SKILL.md and README (contract review, extraction, templates, audits, risk matrices, etc.). No obvious requests (env vars, binaries, system paths) are disproportionate to the stated purpose.
Instruction Scope
SKILL.md gives reasonable local usage instructions (install via clawhub, copy a config template, run specific skills). It also mentions an optional 'DeepSeek API Key' for advanced legal QA; the core instructions and many scripts operate locally, but enabling an optional external API would transmit queries externally — that behavior is optional but not fully documented in requires.env (i.e., optional external endpoints are not declared).
Install Mechanism
There is no install spec and the package is instruction-plus-script based; the files are plain Python scripts (no network download/install steps shown). This is lower-risk from an automatic install perspective, though manual installation via clawhub/openclaw may execute scripts on the host.
Credentials
The skill declares no required environment variables or credentials, which matches the largely local processing scripts. However SKILL.md advertises an optional third‑party DeepSeek API key (not declared as required) and asks users to populate a config/legal-config.yaml — that config may contain enterprise data. The optional API and config file are the main vectors that could expose sensitive data if enabled or misconfigured.
Persistence & Privilege
The package does not request always:true or other elevated persistent privileges; it is user-invocable and can be run interactively. Nothing in the manifest indicates modification of other skills or system-wide settings.
Assessment
This bundle appears to implement what it advertises and runs primarily with local Python scripts, but note the package has an unknown source (no homepage) and claims an external 'DeepSeek API Key' option. Before installing: 1) Review the included config/legal-config.yaml.template and any omitted files for sensitive data sinks; 2) Do not enable or populate external API keys (DeepSeek or similar) until you verify the endpoint and privacy policy; 3) Run the package in an isolated/test environment first (do not point it at production data) and inspect network activity if you enable optional features; 4) Verify the claimed security audit and supply-chain statements with the vendor or independent review; 5) If you will purchase or deploy this in production, consider having legal/compliance or security engineers audit the remaining omitted files and the config handling.Like a lobster shell, security has layers — review code before you run it.
latestvk97fwagegdw1xqczcyyz8zjpas83mzxb
License
MIT-0
Free to use, modify, and redistribute. No attribution required.