v1.0.0

文员自动化助手

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:22 AM.

Analysis

This skill is coherent and simple, but it persistently saves whatever task or meeting text the user provides, so users should avoid entering sensitive information.

GuidanceThis appears safe for its intended use: formatting and saving simple office task notes. Before installing or using it, confirm that the exports directory is an acceptable storage location, and do not provide private, confidential, or regulated information unless you are comfortable with it being written to a file.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Human-Agent Trust Exploitation

SeverityInfoConfidenceMediumStatusNote

SKILL.md

该技能不涉及用户的个人隐私数据处理。

The documentation says the skill does not involve personal privacy data, but the skill accepts arbitrary user text and saves it. The claim may be too broad if users enter personal or confidential details.

User impactUsers might over-trust the privacy statement and include sensitive content in saved work tickets.

RecommendationTreat user-provided task and meeting text as potentially sensitive despite the documentation, and review what is being saved.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityLowConfidenceHighStatusNote

office_auto.py

content = f"--- 自动化办公工单 ---\n生成时间: {datetime.datetime.now()}\n\n原始需求:\n{raw_text}\n\n状态: 待跟进\n---------------------"

The skill writes the user's raw task description into a persistent work-ticket file. This is expected for the skill, but meeting notes and office tasks may contain sensitive information.

User impactAnything the user asks the skill to record may be stored in a file and could later be read wherever the exports directory is accessible.

RecommendationUse the skill only for information appropriate to store as office records, and avoid including passwords, private personal details, or confidential meeting content unless the storage location is trusted.