OPC Contract Manager
PassAudited by ClawScan on May 1, 2026.
Overview
This contract-management skill is coherent and purpose-aligned, but users should notice that it runs a local Python helper and stores a local archive of sensitive contract information.
This skill appears suitable for its stated contract-review and contract-ops purpose. Before installing, make sure you trust the package source, understand that it can run a bundled Python script for deadline checks, and keep the generated contracts archive out of shared or public locations.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
When invoked for review, archive, or dashboard workflows, the agent may run a bundled script that reads the local contract index to surface urgent deadlines.
The skill instructs the agent to run a local Python helper automatically in certain modes. The behavior is disclosed and related to deadline tracking, but users should know it executes local code.
If it exists, run: `python3 [skill_dir]/scripts/deadline_checker.py --days 7 --json [contracts_dir]`
Install only from a trusted package source and be comfortable with the bundled Python helper running against your local contracts directory.
A user may install the skill expecting no runtime dependency, but deadline/archive features rely on Python being available.
The README documents a Python dependency for archive scripts, while the registry requirements list no required binaries. This is a metadata/dependency declaration gap rather than evidence of malicious behavior.
Python 3.8+ (for archive scripts — stdlib only, no pip install needed)
Confirm Python is available before using archive or deadline features, and prefer a trusted, reviewed copy of the skill.
Confidential contract terms and business metadata may remain on disk and influence future deadline, search, or portfolio-insight outputs.
The skill creates a persistent local archive containing contract originals, metadata, reports, indexes, and portfolio insights. This is central to the skill, but the stored information can be sensitive and reused in later searches or dashboards.
contracts/ ├── INDEX.json ... ├── INSIGHTS.json ... └── original-contract.pdf
Store archives only in intended private folders, avoid committing them to shared repositories, and periodically verify or clean the generated index and insight files.