合同卫士 / Contract Guardian
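v1.0.0 · Contract Guardian: an AI contract review assistant that identifies risky clauses, extracts key information, and tracks expiration dates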
by Jun Zhang @hanjing5024064
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the provided scripts and SKILL.md: all files implement local parsing, key-info extraction, risk analysis, comparison, and local archiving. No unexpected cloud services, credentials, or unrelated binaries are required.
Instruction Scope
SKILL.md instructs the agent to run the included local Python scripts and to read user-supplied contract files — this is appropriate for the stated purpose. Note: the skill reads and writes local files (CG_DATA_DIR default under the user's home) and will parse whatever file paths the user supplies; the agent must not be given paths to unrelated sensitive files. The subscription gating is performed locally via an env var (CG_SUBSCRIPTION_TIER).
Install Mechanism
No install spec — instruction-only plus bundled Python scripts. Optional runtime dependencies (pdfplumber, python-docx) are mentioned in docs and only needed for PDF/DOCX parsing; no remote downloads or archive extraction are performed by the skill itself.
Credentials
The skill uses two optional environment variables (CG_SUBSCRIPTION_TIER, CG_DATA_DIR) as documented — this is proportional. A notable behavior: subscription 'paid' is enabled purely by setting CG_SUBSCRIPTION_TIER locally (no remote license/payment verification), which may be surprising. Contract data is stored in cleartext under CG_DATA_DIR by default; no credentials or secrets are requested.
Persistence & Privilege
always is false and the skill does not modify other skills or system-wide agent settings. It persists data only to its own data directory (CG_DATA_DIR) and does not attempt to enable itself or change platform configurations.
Assessment
This skill appears to do what it claims and runs entirely locally. Before installing: (1) be aware contract files and extracted text will be stored unencrypted under CG_DATA_DIR (default ~/.openclaw-bdi/contract-guardian/); protect or change that path and consider disk encryption; (2) the paid/unlock mechanism is just an environment variable (CG_SUBSCRIPTION_TIER=paid) with no external payment check — settable locally; (3) PDF/DOCX support requires optional Python packages (pdfplumber, python-docx); install them if you need those formats; (4) avoid passing the skill file paths to unrelated sensitive files (system configs, SSH keys, etc.); (5) this is an automated assistant — reports are advisory and do not replace legal advice. If you want stronger guarantees, review the stored JSON files and file permissions in CG_DATA_DIR before trusting the skill with sensitive contracts.
Like a lobster shell, security has layers — review code before you run it.
compliance · contract-review · latest · legal · risk-analysis
