Contract Risk Scan
v1.0.1Scan contracts for common risk clauses and potential issues. Use when the user asks about 合同风险、合同审查、条款风险、合同问题、帮我看合同、合同检查, or wants to identify problematic cl...
⭐ 0· 163·2 current·2 all-time
byhaidong@harrylabsj
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name and description (contract risk scanning) match the provided code and reference data: regex-based risk patterns, scanning functions, examples, and test cases. Required environment, binaries, and config paths are empty — appropriate for a text-scanning tool.
Instruction Scope
SKILL.md restricts behavior to receiving contract text, identifying contract type, scanning against documented risk patterns, and reporting results. The runtime code performs only local regex scans and text formatting; it does not read unrelated system files or attempt network transmission. The privacy claim (no data stored/transmitted) aligns with the code (no network or persistence calls).
Install Mechanism
There is no install spec (skill is instruction/code-only). The package contains Node.js scripts and a small Python example and tests — all local files. No external downloads, package installs, or extracted archives are present.
Credentials
The skill requests no environment variables, credentials, or config paths. All processing is local and the number and type of environment requests are proportionate to the stated purpose.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or persistent privileges. It does not modify other skills or system-wide settings. Files included are standard scripts and tests for local use.
Assessment
This appears to be a straightforward local contract-risk scanner: it uses regex rules to flag common problematic clauses and contains tests and an example script. Before installing, consider: (1) It is a preliminary, non-exhaustive tool and not legal advice — consult a lawyer for important contracts. (2) The scanner may produce false positives/negatives because it relies on pattern matching; review flagged context manually. (3) If you plan to run the included Node script in an environment where contract text is sensitive, ensure the runtime environment (your machine or agent) is trusted — the repository itself does not transmit or store data, but your agent or other installed tooling might. Otherwise the skill is internally coherent and proportionate to its stated purpose.Like a lobster shell, security has layers — review code before you run it.
contractvk97dknh1htaz3bah3tvs7vkvm5833fdvlatestvk970d03ekbjmbvdjh0rk383a9s8320hflegalvk97dknh1htaz3bah3tvs7vkvm5833fdvreviewvk97dknh1htaz3bah3tvs7vkvm5833fdvriskvk97dknh1htaz3bah3tvs7vkvm5833fdv
License
MIT-0
Free to use, modify, and redistribute. No attribution required.