Real Estate Report Workflow

Advisory. Audited by static analysis on May 9, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The assistant may search the web, fetch pages, create or edit report files, and run local checks as part of the workflow.

Why it was flagged

The skill explicitly asks the agent to use web, file-writing, and command tools. These tools are aligned with researching and generating reports, but they can affect the local workspace and make external requests.

Skill content

`web_search` | Search the web for market data, policies, and competitor information ... `write` / `edit` | Save report Part files ... `exec` (python3) ... `exec` (node)

Recommendation

Use the workflow in a dedicated project folder, review generated files, and approve steps that run commands or save output.

What this means

Running the workflow can execute local scripts that read report files and write generated outputs.

Why it was flagged

The workflow runs bundled Python and Node scripts for quality checks and DOCX export. The visible script behavior is report-processing and purpose-aligned, but it is still local code execution.

Skill content

Run `python3 scripts/l1_check.py reports/{报告文件}.md` ... `node scripts/generate_report_docx.js`

Recommendation

Inspect the scripts before first use, run them from the skill/project directory, and avoid running them on untrusted report files.

What this means

Installing dependencies may download third-party package code from package registries.

Why it was flagged

The DOCX export depends on a third-party npm package with a version range rather than a lock-pinned version. This is expected for document generation but is a supply-chain consideration.

Skill content

"dependencies": { "docx": "^9.0.0" }

Recommendation

Install dependencies in a trusted environment, consider pinning/locking versions, and review dependency provenance if used for sensitive work.

What this means

Future sessions may rely on saved project files, and sensitive report inputs may remain on disk.

Why it was flagged

The skill persists workflow state and later reloads it. This is useful for long reports, but persistent project files can contain private business information or stale/tampered context.

Skill content

All state is persisted to files. Recovery flow: read `PROJECT_INDEX.md` → read `PROJECT_STATE.md` → check checkpoint files → resume writing.

Recommendation

Store project files in a controlled location, review state files before resuming, and avoid placing confidential data in shared or untrusted folders.