Shouxin Report
v1.0.0Use when handling a small-business bank credit investigation report under a fixed Excel template, from intake and material extraction through drafting, custo...
⭐ 0· 43·0 current·0 all-time
by@jieszs
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill name/description (fixed-template small-business credit reports) aligns with the inputs it asks for (template path, customer materials, bank rules, draft) and the outputs it promises (updated workbook, extraction, checklist). Nothing required by the skill (no env vars, no binaries, no install) appears disproportionate to the stated purpose.
Instruction Scope
SKILL.md directs the agent to read the supplied template and customer materials, extract and normalize financial items, and produce draft and checklist deliverables — all appropriate. It also allows use of "external sources for auxiliary verification" (open-ended web lookups) and references another skill via an absolute local path (/Users/daisy/.codex/skills/spreadsheet/SKILL.md). Those are not inherently malicious but are somewhat broad: confirm what external sources the agent may query and be aware the skill expects access to whatever local files/paths you supply.
Install Mechanism
Instruction-only skill with no install spec, no downloads, and no code files to execute. This minimizes installation risk.
Credentials
The skill declares no required environment variables, credentials, or config paths. The inputs it requests (file paths, drafts, bank rules) are reasonable for the task. There are no unexpected secret or credential requests.
Persistence & Privilege
always is false and there is no installation that forces persistence. agents/openai.yaml sets allow_implicit_invocation: true (permits implicit invocation), which is a normal policy choice for skills and not by itself problematic.
Assessment
This skill appears coherent for fixed-template credit-report work and does not request credentials or install code. Before using it: (1) only provide templates and customer materials you intend the agent to read; the skill will need file access to those paths; (2) ask the skill author or your admin whether "external sources for auxiliary verification" will cause outgoing web calls and to which endpoints; (3) note the SKILL.md contains an absolute local path to another skill (/Users/daisy/...), which looks like an authoring artifact — verify the skill won't try to read arbitrary local paths beyond what you explicitly supply; (4) consider redacting highly sensitive fields in test runs and validate outputs on non-sensitive data first.Like a lobster shell, security has layers — review code before you run it.
latestvk97fqkepte4y7a5c40bk5s2hn983zw2b
License
MIT-0
Free to use, modify, and redistribute. No attribution required.