汇付支付历史最强 Doctor:基于证据的支付诊断手册 (让你的AI不再胡思乱想)
AdvisoryAudited by Static analysis on May 7, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Sharing merchant or transaction identifiers may reveal business/payment context even if no secret keys are shared.
The skill asks for payment and merchant identifiers to diagnose failures. These are purpose-aligned and described as safe identifiers, but they still relate to a payment account context and should not be over-shared.
Safe identifiers if available: `req_date`, `req_seq_id`, `hf_seq_id`, `huifu_id`, `project_id`
Share only the minimum identifiers needed for diagnosis, mask nonessential values, and never paste private keys, passwords, certificates, or tokens.
If a user pastes unredacted logs or payloads, sensitive personal, merchant, or transaction data could enter the AI conversation.
The diagnostic workflow expects users to paste request bodies and related payment evidence into the agent context, while explicitly instructing them to redact keys, phone numbers, ID numbers, and tokens.
请求体,密钥、手机号、证件号、token 打码
Redact secrets, tokens, full certificates, phone numbers, ID numbers, card data, and unnecessary customer details before using the skill.
Users may not be able to easily verify who maintains the guidance or whether it matches current official Huifu documentation.
The skill has no declared source repository or homepage. This is low risk for an instruction-only skill, but provenance matters because the content advises on payment integration and production readiness.
Source: unknown; Homepage: none
Use the skill as a troubleshooting checklist, but confirm production-impacting advice against official Huifu/DouGong documentation or support channels.