ClawHub

DeepLink Agentic

v1.1.0

深度智联 Agentic 智能体 Skill。让用户告别碎片化查询,由 AI 智能体统筹复杂的房地产行业研究任务。支持房地产市场分析、土地研判、房地产企业分析、房地产项目案例分析、房地产项目设计建议、政策解读、物业行业资讯(日/周/月报)、物业行业招投标监测等房地产行业研究任务的创建、进度查询、成果获取与迭代优化...

0· 100·0 current·0 all-time
by@shirleydddd
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match implementation: the skill's CLI and SKILL.md talk to agentic.dichanai.com for creating/monitoring research tasks. Required binary (python3), the requests dependency, and a single AGENTIC_TOKEN are all expected for this purpose.
Instruction Scope
Instructions explicitly instruct the agent to send user queries and any user-uploaded files to agentic.dichanai.com and to use the provided CLI. The SKILL.md requires the agent to inform the user that data will be sent to agentic.dichanai.com (good). It also directs the agent to upload files and to poll for HITL states. This behavior is coherent, but it means user data and uploads will be transmitted to the remote platform (declared in the doc).
Install Mechanism
Install spec only pulls in the 'requests' package (reasonable). The skill also instructs manual update via fetching a .skill file from the platform; that implies a remote update path (host: agentic.dichanai.com). This is expected for a hosted service but poses the usual update risk: if the remote update source is compromised, updated skill files could change behavior.
Credentials
Only AGENTIC_TOKEN is required and used as the primary credential, which is proportionate. Two caution points: (1) the token renewal flow prints NEW_TOKEN to stdout and asks the operator/agent to update AGENTIC_TOKEN — if the agent forwards terminal output to users, the token could be leaked; (2) token scope is unspecified — a broadly privileged token would increase risk. Both are operational considerations rather than inconsistencies.
Persistence & Privilege
always is false and the skill does not request system-wide privileges or alter other skills. Autonomous invocation is allowed (platform default) but not combined here with other suspicious privileges.
Assessment
This skill appears to do what it says: it forwards user queries and any user-uploaded files to agentic.dichanai.com using AGENTIC_TOKEN. Before installing, confirm you trust agentic.dichanai.com. Avoid uploading highly sensitive data unless you understand that it will be transmitted to that service. Be aware the token-renewal step prints a NEW_TOKEN value to the terminal — ensure your agent or workflow will not accidentally share that output with others or with the user. Prefer using a least-privilege or short-lived AGENTIC_TOKEN if possible, and rotate the token if you suspect it was exposed. Finally, note the update instructions which can replace local skill files from the remote host — keep that trust boundary in mind because compromised updates could change behavior.

Like a lobster shell, security has layers — review code before you run it.

latestvk973d0hvzgqfr9430vsnqmx9kx8419vw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspython3
EnvAGENTIC_TOKEN
Primary envAGENTIC_TOKEN

Install

uvuv tool install requests

Comments