汇付支付历史最强 Doctor:基于证据的支付诊断手册 (让你的AI不再胡思乱想)
PassAudited by ClawScan on May 7, 2026.
Overview
This is an instruction-only Huifu payment troubleshooting guide with sensible redaction rules, but users should be careful not to paste secrets or sensitive payment data.
This skill appears safe to use as a payment debugging checklist. Before installing or invoking it, remember that payment logs and webhook payloads can contain sensitive merchant, transaction, or personal data. Paste only the minimum evidence needed, redact secrets and customer details, and verify any production changes against official Huifu documentation.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Sharing merchant or transaction identifiers may reveal business/payment context even if no secret keys are shared.
The skill asks for payment and merchant identifiers to diagnose failures. These are purpose-aligned and described as safe identifiers, but they still relate to a payment account context and should not be over-shared.
Safe identifiers if available: `req_date`, `req_seq_id`, `hf_seq_id`, `huifu_id`, `project_id`
Share only the minimum identifiers needed for diagnosis, mask nonessential values, and never paste private keys, passwords, certificates, or tokens.
If a user pastes unredacted logs or payloads, sensitive personal, merchant, or transaction data could enter the AI conversation.
The diagnostic workflow expects users to paste request bodies and related payment evidence into the agent context, while explicitly instructing them to redact keys, phone numbers, ID numbers, and tokens.
请求体,密钥、手机号、证件号、token 打码
Redact secrets, tokens, full certificates, phone numbers, ID numbers, card data, and unnecessary customer details before using the skill.
Users may not be able to easily verify who maintains the guidance or whether it matches current official Huifu documentation.
The skill has no declared source repository or homepage. This is low risk for an instruction-only skill, but provenance matters because the content advises on payment integration and production readiness.
Source: unknown; Homepage: none
Use the skill as a troubleshooting checklist, but confirm production-impacting advice against official Huifu/DouGong documentation or support channels.