citic--auto--skill

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill is mostly coherent and aimed at official CITIC credit-card prefill, but it can store or show sensitive applicant data such as ID numbers without adequate masking.

Only use this skill if you are comfortable with a local assistant helping prepare a credit-card application. Keep the default browser profile, confirm every field, do the final submission yourself, and delete generated output files after use if they may contain personal information.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may type your confirmed personal details into a bank application page, but should not submit the application for you.

Why it was flagged

The skill instructs the agent to use browser automation to fill an official bank application form, which is high-impact but is clearly scoped to confirmed fields and stops before final submission.

Skill content
Only fill in fields that have already been confirmed. Stop when you reach a CAPTCHA, an OTP, an agreement checkbox, or the final submission.
Recommendation

Confirm the official URL, review every field before it is filled, and personally complete OTP, consent, credit authorization, and final submission.

What this means

A filled ID number or similarly sensitive field could appear unmasked in outputs that are described as masked previews.

Why it was flagged

Structured profile fields can include highly sensitive values, and the masking function falls through to returning the original value for fields without an explicit mask, including ID number.

Skill content
# Full ID number is intentionally only accepted from structured JSON ... for field, value in json_profile.items(): ... masked_preview=mask_value(field, value_str) ... return v
Recommendation

Mask or exclude ID numbers and other high-sensitivity fields from previews and logs; require live user entry or confirmation for those fields.

What this means

Sensitive applicant data may remain on disk after the prefill task and could be exposed through workspace files or logs.

Why it was flagged

The generated application plan persists candidate fields, including raw values from the extractor, to a workspace output file without a stated retention or cleanup policy.

Skill content
candidates = [c.__dict__ for c in build_candidates(workspace)] ... 'candidate_fields': candidates ... out_path.write_text(json.dumps(plan, ensure_ascii=False, indent=2)
Recommendation

Store only masked previews in persisted plan files, keep raw values transient when possible, and add a clear cleanup or deletion step.

What this means

If you choose the existing user browser profile, the agent may operate in a browser context that already has account sessions.

Why it was flagged

The skill may use an existing browser session profile, which can inherit logged-in state, but it limits this to explicit user request.

Skill content
Prefer the OpenClaw-managed browser profile `openclaw`. Only consider the `user` profile when the user explicitly asks to reuse the current logged-in session.
Recommendation

Use the default OpenClaw-managed profile unless you specifically need an existing session, and avoid using existing sessions for unrelated sites.

What this means

There is limited review visibility into part of the recommender helper script.

Why it was flagged

The provided review artifact for this helper script is truncated, so the manual review cannot fully confirm the remainder of that file, even though the static scan reported it clean.

Skill content
recommend_json(prof
...[truncated]
Recommendation

Review the complete source before installation or run it only in a trusted, low-privilege workspace.