Sdbao
v1.0.0水滴保险经纪综合服务助手(sdbao)。支持查看精选保险产品推荐、登记用户购险线索给经纪人、产品咨询、理赔协助和保单管理。当用户询问水滴保险产品、想了解精选险种、需要经纪人联系、或需要水滴系保险服务时使用。
⭐ 0· 110·0 current·0 all-time
byWenbing Ji@jiwenbing
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name, description, and included product list (products.md) align with an insurance-broker assistant. The skill requests no unrelated binaries, env vars, or config paths — everything requested is minimal and proportionate to the stated purpose.
Instruction Scope
Runtime instructions require collecting personal data (name, phone, age, health summary) and instruct the agent to produce a structured lead card. The SKILL.md does not specify where or how leads are transmitted, stored, or protected, which is a privacy/handling gap rather than a direct mismatch with purpose.
Install Mechanism
No install spec and no code files — instruction-only skill. This minimizes code-execution and supply-chain risk.
Credentials
The skill declares no required environment variables, credentials, or config paths. Requested user inputs (phone, name, etc.) are expected for a lead-capture skill; however, collecting health-related descriptions is sensitive and should be explicitly justified and protected.
Persistence & Privilege
always is false and the skill does not request persistent system privileges. There is no indication it modifies other skills or system configs.
Assessment
This skill appears to do what it claims (show insurance options and register leads) and does not install code or request secrets. Important considerations before installing/using: 1) It collects PII and health information — confirm you have the user's consent and limit what you collect to the minimum required. 2) Ask where lead data will be sent/stored and for how long (the skill text does not specify an endpoint or retention policy). 3) Do not supply highly sensitive identifiers (national ID, bank details) unless you verify secure transmission to an official, trusted endpoint. 4) Verify the broker identity and official contact channels if a user expects follow-up. 5) If you operate in a jurisdiction with data-protection rules, ensure the handling of personal/health data complies with those laws. Overall: functionally coherent, but treat data-handling and privacy procedures as the primary risk area.Like a lobster shell, security has layers — review code before you run it.
latestvk975s9xk1y2vagmexca8b63qah83482h
License
MIT-0
Free to use, modify, and redistribute. No attribution required.