社保公积金基数与比例查询
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill does not show credential theft or destructive behavior, but it claims official, nationwide, auto-updated results while the included code uses hardcoded mock data, so it needs review before reliance.
Review carefully before installing or relying on the output. The code appears low-risk for privacy and system access, but it should not be trusted as an authoritative or nationwide source until the mock data and update claims are corrected.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Users could rely on incomplete or stale contribution rates for payroll or benefits decisions.
The implementation acknowledges placeholder mock data, which conflicts with the skill's claims of latest official nationwide retrieval and could make users over-trust inaccurate financial/compliance data.
# 模拟数据源:实际项目中替换为公开API或爬虫抓取逻辑
Treat the skill as a demo unless the publisher replaces mock data with verified sources, clearly labels coverage and freshness, and aligns the documentation with the actual implementation.
If implemented later or interpreted by an agent, updates could occur outside a direct query unless bounded by user controls.
This describes recurring autonomous update behavior, but the provided artifacts do not show a scheduler, background process, or controls for enabling/disabling it.
每月1号自动执行全量数据更新,拉取全国各地区最新社保公积金政策
Require explicit user-triggered updates or document any scheduler, logs, scope, and opt-out/delete controls.
The skill may return cached public policy data that is outdated or altered.
The skill persists query data in a local cache and reuses it for up to 30 days, so stale or locally modified cache contents may be trusted in later answers.
CACHE_FILE = os.path.join(os.path.dirname(os.path.abspath(__file__)), "cache.json")
Show cache age and source in responses, provide a clear refresh option, and allow users to delete or ignore cached data.
The script may fail in environments without requests, and future network behavior would depend on an undeclared package.
The metadata declares only the python binary and there is no install spec or pinned package declaration for requests, creating minor runtime/dependency ambiguity; the import is unused in the included code.
import requests
Remove the unused import or declare and pin required Python dependencies.