Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

POLICY-MANAGER

v1.0.0

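Policy data management - create, read, and update policy JSON files. Creates a policy after the user selects a product, updates the material list and extracted data after materials are uploaded, updates the application data after the user dictates information, and updates the status after the payment plan is confirmed.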

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (policy data management) align with the included script which creates/reads/updates policy JSON files. However there are mismatches: SKILL.md claims 'Requires jq for JSON manipulation' but the shipped CLI is a Node script and does not use jq; the script optionally calls an external API via process.env.POLICY_API_URL even though no environment variables are declared in the skill metadata. These inconsistencies suggest sloppy packaging or incomplete metadata.
Instruction Scope
SKILL.md instructs the agent to create/update/read local JSON policy files and to call material-* subskills for document parsing — this is consistent with the skill purpose. But the instructions and the script both rely on specific local filesystem locations (e.g., paths under /Users/wuaihua/workspaces/insurance-clerk/), and SKILL.md examples use oss:// URIs. The skill will read a local mock-api.json at a hard-coded path if an external API is not configured. Review these file-path assumptions before use.
Install Mechanism
There is no install spec (instruction-only plus a bundled Node script). That lowers install risk because nothing is automatically downloaded or installed from external URLs. The included files are static and local.
Credentials
Skill metadata lists no required environment variables, but the script reads process.env.POLICY_API_URL to call arbitrary endpoints if provided. This is a mismatch: an undeclared env var can change behavior to make external network calls. No credentials are declared, yet the script can be pointed to any baseUrl and will JSON-post/GET to it. The lack of declared env vars means users may not realize this network capability.
Persistence & Privilege
The script writes and updates policy JSON files on disk (creates directory and files). That is expected for a file-management skill. However the path is hard-coded to a user-specific absolute path (/Users/wuaihua/workspaces/insurance-clerk/policies) and the script also reads /Users/wuaihua/workspaces/insurance-clerk/mock-api.json. Hard-coded absolute paths can lead to surprising writes or failures; consider reconfiguring the directory or running in a sandbox.
What to consider before installing
This skill is functionally consistent with a policy JSON manager, but there are several concerns you should address before installing:
1) Hard-coded paths: the CLI writes to and reads from /Users/wuaihua/... — change POLICIES_DIR to a safe, configurable location or run in an isolated environment to avoid unexpected file writes.
2) Undeclared environment variable: the script will make network calls if POLICY_API_URL is set; treat that as a powerful switch—do not set it to an untrusted endpoint.
3) SKILL.md mismatch: it mentions 'Requires jq' but the shipped script is Node-based and does not use jq; metadata should be corrected.
4) Review mock-api.json and any local templates before use to avoid processing untrusted test data.
5) Because the skill can write files and optionally call an external API, run it with least privilege (sandbox, restricted network) and inspect/modify the code (scripts/policy-manager.js) to point directories and endpoints to locations you control.
If you need to allow autonomous invocation, consider the additional risk that the skill could write/update files or contact an endpoint without manual review.

Like a lobster shell, security has layers — review code before you run it.
