OPC Contract Manager
v1.1.0Contract Review + Contract Ops Copilot for solo entrepreneurs. Analyzes contracts, flags risks, generates redline suggestions and negotiation emails, tracks...
⭐ 0· 184·0 current·0 all-time
byLeon Fan@leonfjr
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the provided assets (14-item checklist, reference docs, templates, archive/index scripts). No unrelated environment variables, binaries, or cloud credentials are requested.
Instruction Scope
Runtime instructions direct the agent to load local reference files and to check/run the included Python scripts against a local contracts/INDEX.json; that is appropriate for an archive/deadline tool. One minor mismatch: the SKILL.md accepts PDFs as input but does not ship a PDF text-extraction dependency — that likely assumes the host platform provides attachment parsing. Otherwise the instructions stay within the stated scope and do not instruct network exfiltration or access to unrelated system paths.
Install Mechanism
No install spec — instruction-only with two bundled Python scripts. The scripts reference only the Python stdlib in the visible deadline_checker.py; no external downloads, obscure URLs, or extract/install behavior are present in the provided files.
Credentials
No required environment variables, no declared credentials, and no requests for unrelated secrets or config paths. The skill will read/write contract metadata under a contracts/ directory (expected for this purpose).
Persistence & Privilege
always:false (normal). The skill is designed to create and update a local contracts/ archive (INDEX.json, metadata, reports). This file-system persistence is expected for archive features but is a meaningful privilege — the skill will store potentially sensitive contract data on disk.
Assessment
This skill appears coherent with its stated purpose, but take these practical precautions before installing or using it: 1) Review the two shipped Python scripts (deadline_checker.py and index_builder.py) yourself to confirm there are no unexpected network calls or filesystem operations you don't want; both are present and readable in the package. 2) Be aware the skill will read and write a local contracts/ directory (INDEX.json, metadata, reports) and may surface sensitive contract contents — only run it in an environment where storing those files is acceptable. 3) The SKILL.md accepts PDFs but no PDF parser is bundled — ensure your platform properly extracts PDF text or provide contract text if necessary. 4) Because the skill is instruction-only and can execute included scripts, prefer installing it from a known/trusted source (or inspect the GitHub repo mentioned in README) and consider running it in a sandboxed environment if you have any doubts. 5) No network endpoints or credentials are required by the skill as provided; if a future version adds external integrations, re-evaluate credentials and network behavior before trusting it.Like a lobster shell, security has layers — review code before you run it.
contractvk974c01fstnhas90b5cp2drm0s830n19latestvk974c01fstnhas90b5cp2drm0s830n19legalvk974c01fstnhas90b5cp2drm0s830n19one-person-companyvk974c01fstnhas90b5cp2drm0s830n19reviewvk974c01fstnhas90b5cp2drm0s830n19solopreneurvk974c01fstnhas90b5cp2drm0s830n19
License
MIT-0
Free to use, modify, and redistribute. No attribution required.