Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description claim: summarize public products, bills and announcements and not perform login/transactions. The SKILL.md matches this overall purpose (product summaries, announcements). It does reference extracting '个人账单概览' which requires a logged-in view, but the skill explicitly states it will not automate login. Because no credentials or install steps are requested, the declared capabilities are plausible but the bill-related task could be misread as requiring credentials if not handled as 'user-supplied, already-visible content'.
Instruction Scope
SKILL.md instructs visiting product/announcement pages and extracting specific fields — in-scope and limited. It also lists a '账单概览' flow that assumes a logged-in page is available to extract from but explicitly forbids automating login. The instructions do not tell the agent to read system files, environment variables, or to contact unexpected external endpoints. Ambiguity: the skill should require the agent to ask the user to provide the logged-in page content (paste/screenshot/export) rather than attempt any login or credential handling.
Install Mechanism
No install spec and no code files — instruction-only skill. This is the lowest-risk install posture; nothing is written to disk or fetched at install time.
Credentials
The skill requests no environment variables, credentials, or config paths. That is proportionate to its stated function of summarizing public pages and processing user-supplied bill views.
Persistence & Privilege
always is false and the skill does not request elevated or persistent privileges. Autonomous invocation is allowed by default but the skill itself does not ask for force-inclusion or to alter other skills/configs.
Assessment
This skill appears coherent and lightweight, but be careful with any 'logged-in bill' work: never paste or type passwords or API tokens into the agent. If you want the agent to summarize your private bill page, export or copy-paste only the visible bill content or provide screenshots/HTML snippets — do not share login credentials. Confirm the agent follows the SKILL.md rule to avoid automating login or storing sensitive identifiers (card numbers, ID numbers). If you need stronger guarantees, ask the developer to add an explicit instruction that the agent must refuse credentials and only operate on user-supplied snapshots of logged-in pages.Like a lobster shell, security has layers — review code before you run it.
latestvk97dsazh8jhxpfzsxxpqqrr5rn834r56
License
MIT-0
Free to use, modify, and redistribute. No attribution required.