Zhang Doc Automation
v1.0.0自动生成合同、诉讼文书及法律意见,提供专业法律咨询和案例分析支持。
⭐ 0· 83·0 current·1 all-time
by张律师@sealawyer2026
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (legal document automation) aligns with the provided assets: a short SKILL.md and a large case-library.json of example cases. There are no unexpected environment variables, binaries, or install steps required that would be disproportionate to generating documents and doing case-based analysis.
Instruction Scope
SKILL.md is very minimal and does not specify operational limits or explicit runtime steps; it simply directs callers to use the skill for legal consultation and case analysis. That brevity grants the agent some discretion about which local data (e.g., case-library.json) to use. The SKILL.md does not instruct reading unrelated system files, contacting external endpoints, or accessing credentials.
Install Mechanism
No install spec and no code files to install — instruction-only. This is the lowest-risk install pattern (nothing written to disk beyond the provided manifest).
Credentials
The skill declares no required environment variables, credentials, or config paths. The included case-library.json appears to be a local dataset of public-sounding sources; there are no fields requesting tokens, secrets, or unrelated service credentials.
Persistence & Privilege
The skill is not marked always:true and does not request persistent system presence. Default autonomous invocation is allowed by platform policy but the skill itself does not ask for elevated privileges.
Scan Findings in Context
[no-regex-findings] expected: The static regex-based scanner had no code files to analyze and reported no findings. This is expected for an instruction-only skill with a local JSON case library.
Assessment
This skill appears internally consistent with its stated purpose, but consider these practical checks before installing or using it:
- Review case-library.json for any sensitive or private data (PII) that might be present; if you will feed client information to the skill, avoid including real client identifiers in prompts unless you trust retention/usage policies.
- Ask the skill author (or require in your deployment) for a short runtime description: what local files it reads, whether it sends data externally, and any retention/logging behavior. The SKILL.md is minimal and doesn't describe these details.
- Verify licensing and source of the case library if you need to redistribute generated templates (copyright/compliance risk). The skill lists government sources but origin is "unknown" in registry metadata.
- Because this generates legal text, treat outputs as drafts and have a qualified lawyer review them before use; do not rely on the skill for final legal advice.
- Run initial tests with non-sensitive example prompts to confirm the skill's behavior (that it only uses local cases and does not attempt network calls or request secrets).
Overall, there are no technical red flags (no secret requests, no installers, no hidden endpoints), but procedural and privacy checks above are recommended.Like a lobster shell, security has layers — review code before you run it.
latestvk97evhpb2643mgqpsacqtsfyzh84ahdj
License
MIT-0
Free to use, modify, and redistribute. No attribution required.