Openclaw Skill
PassAudited by VirusTotal on May 9, 2026.
Overview
Type: OpenClaw Skill Name: workplace-life-helper Version: 1.3.0 The skill bundle is a legitimate API wrapper for a suite of workplace and life assistance services (renting, resume optimization, and content compliance). The Python script `scripts/api_client.py` uses standard libraries to communicate with a Coze-hosted API endpoint and includes robust handling for a transparent 'pay-per-use' model via Alipay, with no evidence of malicious intent, data exfiltration, or unauthorized execution.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may trigger a 0.10 CNY payment flow for each API call once the user authorizes payment.
The skill discloses a per-call paid workflow using Alipay A2M. This is expected for the stated paid service, but it involves delegated payment authority after user authorization.
统一价格:0.10元/次 ... 支付宝AI收会自动处理付费流程,用户授权后即可使用
Only approve payment prompts when you intentionally want to use the service, and monitor repeated calls if asking for multiple outputs.
Text you provide for review or generation may be sent to the remote service operator for processing.
The client posts the user's JSON input to a remote API endpoint. The SKILL examples include resumes, rental contracts, and content drafts, which can contain sensitive personal or business information.
API_BASE_URL = "https://w4h8ghmxcv.coze.site" ... data = json.dumps(body).encode('utf-8') ... method='POST'Avoid submitting highly sensitive personal, legal, financial, or confidential business information unless you trust the service and its privacy handling.