噗滋慈善 / pozzzi-charity

Audited by ClawScan on May 16, 2026.

Overview

Prompt-injection indicators were detected in the submitted artifacts (system-prompt-override); human review is required before treating this skill as clean.

Before installing, decide which model provider and communication channels you trust. Use dedicated API keys or bot accounts where possible, avoid entering unnecessary personal or highly sensitive financial data, and check where OpenClaw stores the plugin's audit logs because they are retained for at least 180 days. ClawScan detected prompt-injection indicators (system-prompt-override), so this skill requires review even though the model response was benign.

Publisher note

Public-interest open-source tool, published under an OSS Contributor identity. It does not call any overseas network (API allowlist: api.hunyuan.cloud.tencent.com / api.deepseek.com / open.bigmodel.cn / ark.cn-beijing.volces.com / apix.lingxi360.com / docs.qq.com). Users bring their own model API key; this plugin ships no API credentials. Mandatory PII filtering + AI labeling + hard-coded placeholders cannot be disabled. Only 4 low-risk Skills are published (report/application/document/management-advisor); the 4 high-risk Skills have been excluded from this package. See README.md and LICENSE for details.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Your provider API key may be billed or rate-limited, and the content you ask the skill to process can be sent to the model provider you configure.

Why it was flagged

The skill expects users to configure their own model-provider API credentials. This is necessary for the stated model-assisted drafting purpose, but it gives the skill access to send prompts through the user's provider account.

Skill content

At least one domestic (Chinese) model API key: Hunyuan (recommended, has a free quota) / DeepSeek / Doubao

Recommendation

Use a dedicated model API key with spending limits where possible, review the provider's data policy, and avoid entering highly sensitive personal or financial details unless you are comfortable sending them to that provider.

What this means

If you connect messaging channels, the OpenClaw runtime/channel integration may receive messages sent to that bot or account.

Why it was flagged

The documentation describes optional chat-channel setup using a personal WeChat login or a Telegram bot token. This is disclosed integration behavior, but it involves messaging-account credentials or sessions.

Skill content

Configure a WeChat personal-account bot (recommended for grassroots NGOs) ... scan the QR code to log in with your personal WeChat ... openclaw channels add telegram --token <你的-bot-token>

Recommendation

Prefer dedicated bot accounts or tokens instead of personal accounts, and review OpenClaw channel permissions and message-handling scope before connecting production communication channels.

What this means

Some usage metadata, such as organization name, categories, timestamps, and hashes, may remain in local audit logs for six months or more.

Why it was flagged

The plugin requires audit-log retention for at least 180 days. The documentation says logs omit raw PII, and visible code logs hashes/metadata, but this is still persistent local recordkeeping.

Skill content

"log_retention_days": { "type": "integer", "minimum": 180, "default": 180, "description": "日志保留天数,最小 180 天,不可调低" }

Recommendation

Confirm where OpenClaw stores this plugin's logs, restrict access to that storage, and avoid putting personal data into fields that may be logged.

What this means

Running an unpinned installer can fetch whatever version is current at the time, which may differ from the reviewed artifact.

Why it was flagged

The documentation gives a user-run install command that uses the latest version of the installer. This is a common setup pattern and not automatic execution, but it is less reproducible than a pinned version.

Skill content

npx clawhub@latest install pozzzi/report-assistant

Recommendation

Install from the official ClawHub/OpenClaw source and consider pinning installer or skill versions in production environments.