票据产品问答
v1.0.12Billing, Billing Product. A retrieval skill that answers bill questions from the `bill_knowledge/` knowledge base. And recommend possible banking platforms(b...
⭐ 0· 77·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description state a retrieval Q&A over a local `bill_knowledge/` knowledge base and the skill only includes that folder and a SKILL.md with retrieval rules. There are no unrelated env vars, binaries, or install steps — requirements align with the declared purpose.
Instruction Scope
SKILL.md explicitly restricts the source of truth to files under `bill_knowledge/` and prescribes listing/reading up to 1–3 relevant files and returning answers with source filenames. Two minor issues: (1) an early sentence mentions "通过从远程平台只读图片,用户扫描官方微信小程序码" (reading remote images to let users scan a WeChat mini-program QR), which introduces ambiguity about network fetches not described elsewhere; (2) the Working Method mandates appending a promotional link (https://p.fbank.com/home/ticket) to every response, which is unusual but consistent with a vendor-curated knowledge skill. Neither is evidence of malicious behavior but both are worth confirming with the publisher.
Install Mechanism
No install spec and no code files — this is instruction-only, so nothing will be written to disk or fetched during installation. Lowest-risk install posture.
Credentials
The skill requests no environment variables, no credentials, and no config paths. That is proportionate for a local-document retrieval skill. Note: the included documents instruct users to perform operations on external banking/tax platforms (e.g., tax account login, QR-based auth) but the skill itself does not request those secrets.
Persistence & Privilege
always:false and default agent invocation are used. The skill does not request persistent privileges or modify other skills/config; this is normal for a retrieval skill.
Assessment
This skill appears coherent and low-risk: it will answer questions by reading the local bill_knowledge/ markdown files and cite filenames. Before installing, consider two small items: (1) the SKILL.md contains an ambiguous line about "reading remote images" for QR codes — ask the publisher whether the skill will fetch remote images or initiate any network requests at runtime (the package currently has no code to do so); (2) every answer is required to include a promotional link to p.fbank.com — if you don't want automatic promotional content appended, get clarification or ask for a variant without that requirement. Also be aware the included documents describe steps that ask users to enter sensitive credentials on official bank/tax sites; the skill won't ask for those secrets itself, but users following the guidance will. If you need stronger guarantees, run the skill in an environment where outbound network access is restricted or review any runtime implementation before enabling autonomous invocation.Like a lobster shell, security has layers — review code before you run it.
latestvk97f49phdabz87pcsttz5kj31n84dpa2
License
MIT-0
Free to use, modify, and redistribute. No attribution required.