ClawHub

Contract Reviewer Dongjie

v0.1.0

Analyzes contract text to extract key clauses, risks, party obligations, compliance notes, and negotiation recommendations for faster legal review.

0· 32·0 current·0 all-time
by@dj-520-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (contract analysis) align with the code and SKILL.md: main.js performs lightweight clause detection on input.text and returns structured findings. The only oddity is that package-lock.json contains many dependencies (e.g., clawhub and others) while package.json declares no dependencies — this is inconsistent but not directly harmful in itself.
Instruction Scope
SKILL.md instructs the skill to read contract text and return structured findings. main.js only reads input.text and performs local regex checks; it does not access files, environment variables, or network endpoints.
Install Mechanism
There is no install spec (instruction-only runtime). That is low risk. However, the presence of a large package-lock.json (with many external packages) despite an empty dependencies section in package.json is inconsistent — it could be leftover or copied from another project. Because there is no declared install step, nothing will automatically download or run those dependencies, but the mismatched lockfile is worth cleaning or verifying.
Credentials
The skill requests no environment variables, no credentials, and references no config paths. This is proportionate for a local text-analysis skill.
Persistence & Privilege
Flags: always is false and the skill does not attempt to modify system or agent-wide settings. It does not request persistent presence or extra privileges.
Assessment
This skill appears to do what it says: simple, local regex-based extraction of common contract clauses. Before installing: 1) Confirm you are comfortable sending contract text to the platform (this skill itself does not transmit data, but check agent policies and runtime environment). 2) Consider removing or regenerating the package-lock.json (or ask the author) because it contains many dependencies that are not declared in package.json — this mismatch is probably benign but should be cleaned to avoid confusion. 3) Treat results as a starting point only — the detection is simple regex logic and is not a substitute for legal review. If you need stronger guarantees (privacy, auditability), request a version with an explicit install spec and a minimal dependency set or inspect any runtime environment the agent will use.

Like a lobster shell, security has layers — review code before you run it.

latestvk97108wvvk8dh12t7fh5fxq7bx848q4a

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments