Customer Profile Management

v1.0.4

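Helps insurance agents turn customer materials in PDF, Excel, Word, PPT and other formats into a personal customer information database that Little Lobster (小龙虾) can call and use to answer requests such as "Write personalized birthday greetings for the customers whose birthdays are next month" or "Write a personalized invitation to a wealth-management event for each policy customer", and so on.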

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description match the implementation: code implements document extraction (Excel/PDF/PPTX/DOCX), rule-based parsing, profile merging, and LLM calls for extraction/completion. Requiring an LLM API key is appropriate for the 'LLM-assisted extraction' design.
Instruction Scope
SKILL.md and the code explicitly read local files and send extracted text to the configured LLM endpoint for parsing/completion. This behavior is within the declared purpose but means full document text (which can include sensitive PII such as ID numbers, phone numbers, addresses) may be transmitted to the LLM. The README and SKILL.md warn about this, but the runtime instructions do not enforce redaction — that is left to the user.
Install Mechanism
No remote download/install script; dependencies are standard Python packages listed in requirements.txt (pandas, pdfplumber, python-docx, python-pptx, requests, etc.). Installing via pip is ordinary and proportionate to the task. No suspicious external URLs or archive extraction observed.
Credentials
The skill requires a single LLM API key (declared in skill metadata and SKILL.md) which is appropriate. There are no unexplained environment variables or config paths. However, _meta.json indicates user_consent_required: false while the tool processes sensitive personal data — users should ensure they obtain appropriate consent and use a trusted LLM endpoint. The skill does not request unrelated credentials.
Persistence & Privilege
The skill does not request always: true, does not modify other skills' configs, and does not require system-wide privileges or config paths. There is no evidence it attempts persistent remote registration or self-enablement beyond normal local operation.
Assessment
This skill appears coherent for extracting and managing insurance customer files, but it routinely sends extracted text to whatever LLM endpoint you configure. Before installing or using it: (1) confirm the LLM endpoint (base_url) is trusted and meets your privacy/compliance requirements; (2) avoid sending unredacted identifiers (ID numbers, bank accounts); perform local redaction if required; (3) keep the API key secret and use least-privilege credentials where possible; (4) review and pin dependency versions from requirements.txt before pip install; (5) consider running the tool in an isolated environment or on-premise if you handle regulated personal data; (6) obtain customer consent and ensure compliance with applicable data-protection laws (e.g., China's Personal Information Protection Law, 《个人信息保护法》).

Like a lobster shell, security has layers — review code before you run it.
