Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Contract Intelligence Review

v1.0.2

Upload a contract PDF to receive AI-powered text extraction, contract type detection, and a detailed risk analysis report with severity grading and recommend...

by YK-Global (@billjamno58)

Install

OpenClaw Prompt Flow

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for billjamno58/contract-intelligence-review.

Prompt (Install & Setup):

  Install the skill "Contract Intelligence Review" (billjamno58/contract-intelligence-review) from ClawHub.
  Skill page: https://clawhub.ai/billjamno58/contract-intelligence-review
  Keep the work scoped to this skill only.
  After install, inspect the skill metadata and help me finish setup.
  Use only the metadata you can verify from ClawHub; do not invent missing requirements.
  Ask before making any broader environment changes.

Command Line

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI (bare skill slug):

  openclaw skills install contract-intelligence-review

ClawHub CLI:

  npx clawhub@latest install contract-intelligence-review

Security Scan

Capability signals: Crypto, Can make purchases, Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The code and SKILL.md align with the stated purpose: PDF extraction, contract-type detection, and sending text to an AI service for risk analysis. Billing via SkillPay is coherent with the documented per-call charge. However, the registry metadata claims no required environment variables while SKILL.md and the code require several (OPENAI_API_KEY, SKILL_BILLING_API_KEY, FEISHU_USER_ID, etc.), which is an inconsistency between the manifest and the runtime instructions.
Instruction Scope
SKILL.md directs the agent to fetch files from Feishu, URLs, or local paths and to store them under /tmp/contracts/<uuid>.pdf; it also instructs sending extracted text to an OpenAI-compatible API and using SkillPay for billing. Those actions are within scope for a contract-review skill. Items to note: the SKILL.md instructs use of Feishu-specific fetchers (feishu_im_bot_image / feishu_im_user_fetch_resource) but the included Python code does not implement Feishu integration — that must be performed by the agent runtime. SKILL.md explicitly transmits a Feishu user id to a third-party billing API (skillpay.me) which is expected for billing but is additional data sharing.
Install Mechanism
There is no install spec (instruction-only install), which minimizes disk-level install risk. However, a requirements.txt is included (PyMuPDF, pdfplumber, pytesseract, pdf2image, openai) but no install step is declared in the manifest — inconsistent but not immediately dangerous. Also, requirements.py lacks numpy which the OCR routine uses, indicating sloppy packaging rather than malicious behavior.
Credentials
The skill requires sensitive environment variables (OPENAI_API_KEY for AI calls; SKILL_BILLING_API_KEY for SkillPay billing; FEISHU_USER_ID is sent to billing). Those are proportionate to the declared features, but: (1) the registry metadata lists none — a mismatch that can hide the needed secrets from reviewers; (2) the code also reads fallback vars (OPENAI_API_KEY_FALLBACK, OPENAI_API_BASE_FALLBACK) not documented in SKILL.md; and (3) billing transmits user identifier data to a third-party (skillpay.me). If you plan to analyze sensitive contracts, note that the full extracted text is sent to an external model provider (OpenAI/MiniMax/custom) and to the billing service, so keys and user IDs will be exposed to those services.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or global agent settings, and only writes temporary files under /tmp. It does perform network calls (AI provider and billing API), which is expected and documented. No elevated persistence or privilege escalation behavior observed.
What to consider before installing
This skill is functionally coherent with its described purpose, but there are inconsistencies and privacy implications you should weigh before installing:

  • Metadata mismatch: The registry lists no required env vars, but the SKILL.md and code require OPENAI_API_KEY, SKILL_BILLING_API_KEY, and FEISHU_USER_ID (and optionally OPENAI_API_BASE and fallback keys). Treat the SKILL.md as the authoritative runtime requirement, not the registry metadata.
  • Data sharing: The skill will send the extracted contract text to an external AI provider (OpenAI/MiniMax/custom endpoint) for analysis. The billing process will transmit FEISHU_USER_ID (and potentially other billing info) to a third-party endpoint (https://skillpay.me). Do not use with highly sensitive contracts unless you accept that data will be shared with those endpoints and have confirmed their privacy/processing policies.
  • Billing behavior: If SKILL_BILLING_API_KEY is missing or if the billing request fails, the code can fall back to a 'dev mode' that allows processing without charging. This may be intentional for development, but it means billing checks can be bypassed on network failure; verify this behavior if you rely on accurate billing.
  • Secrets management: Use a dedicated API key with minimal scope (or a separate billing account) rather than your primary production keys. Confirm which AI endpoint will receive data and whether that provider will retain or log inputs.
  • Packaging/integrity: The repository includes requirements.txt but no install recipe; dependencies and missing packages (e.g., numpy used in OCR) suggest immature packaging. Review the code and test in a sandboxed environment before providing real contract data.

If you want to proceed, verify the SkillPay domain, confirm privacy/retention policies for the AI provider you will use, supply keys scoped to a test account, and run initial tests on non-sensitive sample contracts in a sandbox.


83 downloads · 0 stars · 3 versions · Updated 3d ago · v1.0.2 · License: MIT-0

Contract Intelligence Review

Slug: contract-intelligence-review
Platform: ClawHub (clawhub.ai)
Category: Legal & Compliance / Productivity
Tags: contract, risk, legal, PDF, AI, analysis, contract-review


What This Skill Does

Upload any contract PDF and get an instant AI-powered risk analysis report. Automatically detects contract type (Labor, Procurement, Sales, Lease, NDA), extracts key terms, and generates a structured risk list graded by severity (HIGH / MEDIUM / LOW).

Supports both Chinese and English contracts. Ideal for procurement teams, HR departments, freelancers, and small businesses needing quick contract reviews without hiring a lawyer.


Workflow

Step 1 — Receive Contract File

Download the PDF:

  • Feishu attachment → use feishu_im_bot_image or feishu_im_user_fetch_resource with type=file
  • Local path → use directly
  • URL → use web_crawl or fetch

Store at /tmp/contracts/<uuid>.pdf.

Step 2 — Extract Text from PDF

Try in order:

  1. PyMuPDF (fitz) — best for text-based PDFs
  2. pdfplumber — good for tables
  3. OCR (pytesseract) — for scanned/image PDFs (with chi_sim+eng language packs)

If text extraction yields < 50 characters, offer OCR processing.

Step 3 — Detect Contract Type

Classify from extracted text:

  • Labor Contract
  • Procurement Contract
  • Sales Contract
  • Lease Contract
  • NDA / Confidentiality Agreement
  • Other

Detect language: Chinese / English / Bilingual.

Step 4 — AI Risk Analysis

Send extracted text to AI model. Returns structured JSON:

  • Summary (200 words or less)
  • Key terms table (PRO tier)
  • Risk list with level (HIGH/MEDIUM/LOW), category, description, clause reference, recommendation
  • Overall risk score (1-10)

Step 5 — Render Report

Deliver a formatted markdown report:

  • Summary
  • Key terms table (PRO)
  • Risk list by severity level
  • Statistics
  • Legal disclaimer

Step 6 — Export (PRO)

CSV export available for Standard and above tiers.


Tiered Features

Feature                 FREE          PRO
Contract types          Other only    All 6 types
Summary + Risk list
Key terms table
Excel/CSV export
Batch processing
Risk comparison

Pricing

Per-call billing (no monthly fee):

Tier    Price per Call
FREE    $0.00 USDT
PRO     $0.01 USDT

Each contract analysis = one billable call.


Billing

This skill uses SkillPay (skillpay.me) for per-call billing.

Fee: $0.0100 USDT per call (all paid tiers)
External API: https://skillpay.me/api/v1/billing
Data transmitted: User identifier (FEISHU_USER_ID environment variable)

Billing occurs at the start of each contract analysis. If balance is insufficient, the tool returns a payment_url where the user can recharge.


Required Environment Variables

Variable                  Description
FEISHU_USER_ID            Feishu user open_id for billing identification
OPENAI_API_KEY            AI model API key (OpenAI, MiniMax, or OpenAI-compatible endpoint)
OPENAI_API_BASE           Base URL for AI API (optional, defaults to MiniMax endpoint)
SKILL_BILLING_API_KEY     Builder API Key from skillpay.me (required for paid calls)
SKILL_BILLING_SKILL_ID    Skill slug on SkillPay (defaults to contract-intelligence-review)
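The security scan above flags that the registry manifest declares no environment variables while SKILL.md and the code read several, including undocumented fallback names. The audit below is an added example, not code from the skill or from ClawHub: it regex-scans a skill's Python source for os.environ / os.getenv reads and diffs them against the declared set. The declared set is the table above; the source snippet is a constructed stand-in, since the skill's real code is not on this page.

```python
import re
from typing import Dict, Set

# Variables the SKILL.md table above declares (taken from this page).
DECLARED_ENV = {
    "FEISHU_USER_ID", "OPENAI_API_KEY", "OPENAI_API_BASE",
    "SKILL_BILLING_API_KEY", "SKILL_BILLING_SKILL_ID",
}

# Constructed stand-in for the skill's source. The real file is not on this
# page; the scan report says it reads the two *_FALLBACK names shown here.
SAMPLE_SOURCE = '''
import os
api_key = os.environ.get("OPENAI_API_KEY") or os.getenv("OPENAI_API_KEY_FALLBACK")
base = os.environ.get("OPENAI_API_BASE") or os.environ["OPENAI_API_BASE_FALLBACK"]
billing_key = os.getenv("SKILL_BILLING_API_KEY")
user = os.environ["FEISHU_USER_ID"]
'''

# Matches os.environ["X"], os.environ.get("X", ...) and os.getenv("X", ...).
_ENV_READ = re.compile(
    r'os\.(?:environ(?:\.get)?|getenv)\s*[\[(]\s*["\']([A-Z0-9_]+)["\']'
)

def env_reads(source: str) -> Set[str]:
    """Return every environment variable name the source reads."""
    return set(_ENV_READ.findall(source))

def audit_env(source: str, declared: Set[str]) -> Dict[str, Set[str]]:
    """Diff the code's reads against what the docs or manifest declare.

    undeclared: read by code but not declared (secrets hidden from reviewers)
    unused:     declared but never read (stale docs or dead configuration)
    """
    used = env_reads(source)
    return {"undeclared": used - declared, "unused": declared - used}

if __name__ == "__main__":
    # Passing an empty set models the registry manifest, which declares nothing.
    for label, declared in (("vs SKILL.md", DECLARED_ENV), ("vs registry", set())):
        report = audit_env(SAMPLE_SOURCE, declared)
        print(label, {k: sorted(v) for k, v in report.items()})
```

Run it against the skill's actual .py files before installing; anything in "undeclared" is a secret the registry page would not have told you about.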

Error Handling

Error                       Handling
PDF yields < 50 chars       Offer OCR; if OCR also fails, report failure and suggest a text-based PDF
AI analysis fails           Return error; suggest retry
Insufficient balance        Return payment_url for recharge
Network error on billing    Allow call through in dev mode (no charge)
Unsupported file type       Inform user only PDF is supported
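The "Network error on billing" row above means the billing check fails open: a dropped connection lets the analysis run unbilled. The gate below is an added example, not the skill's code, written fail-closed by default: the network-failure bypass must be enabled explicitly and is reported in the result, and an insufficient balance hands back the payment_url without letting processing continue. The SkillPay response format is not on this page, so the transport stubs and their ok / reason / payment_url fields are assumptions.

```python
from dataclasses import dataclass
from typing import Any, Callable, Dict, Optional

class BillingError(Exception):
    """Raised when a paid call must not proceed."""

@dataclass
class BillingResult:
    proceed: bool                  # may the contract analysis run?
    charged: bool                  # was a fee actually taken?
    payment_url: Optional[str] = None
    note: str = ""

# A transport posts one billing request and returns the decoded JSON body.
# Assumed (not documented on this page) response shape:
#   {"ok": bool, "reason": str, "payment_url": str}
Transport = Callable[[Dict[str, Any]], Dict[str, Any]]

def bill_call(user_id: str, skill_id: str, transport: Transport,
              dev_mode: bool = False) -> BillingResult:
    """Gate one billable call before any contract text is processed.

    success              -> proceed, charged
    insufficient balance -> do not proceed, return payment_url
    network error        -> fail closed, unless dev_mode was set on purpose
    """
    try:
        resp = transport({"user_id": user_id, "skill_id": skill_id})
    except (ConnectionError, TimeoutError) as exc:
        if dev_mode:
            # The fallback the page documents, but opt-in and visible.
            return BillingResult(True, False, note=f"dev mode, unbilled: {exc}")
        raise BillingError(f"billing unreachable, refusing call: {exc}") from exc
    if resp.get("ok"):
        return BillingResult(True, True)
    if resp.get("reason") == "insufficient_balance":
        return BillingResult(False, False, resp.get("payment_url"), "recharge")
    raise BillingError(f"billing rejected call: {resp.get('reason')!r}")

# Constructed transports standing in for skillpay.me; the URL is a placeholder.
def transport_ok(req: Dict[str, Any]) -> Dict[str, Any]:
    return {"ok": True}

def transport_no_funds(req: Dict[str, Any]) -> Dict[str, Any]:
    return {"ok": False, "reason": "insufficient_balance",
            "payment_url": "https://example.invalid/recharge"}

def transport_down(req: Dict[str, Any]) -> Dict[str, Any]:
    raise ConnectionError("billing endpoint unreachable")
```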

Technical Stack

  • PDF Text: PyMuPDF (fitz) + pdfplumber
  • OCR: pytesseract + pdf2image (language packs: chi_sim+eng)
  • AI Analysis: OpenAI-compatible API (MiniMax / OpenAI / custom endpoint)
  • Report Export: CSV module (Excel-compatible)
  • Billing: SkillPay API (skillpay.me)

Output Example

## Contract Risk Analysis Report

**Contract Type:** Labor Contract
**Language:** Chinese
**Overall Risk Score:** 6/10 — Medium Risk
**Text Extraction:** Direct extraction

---

### Summary
[200-word summary in contract language]

---

### Key Terms
| Term | Content |
|------|---------|
| Parties | Employer / Employee |
| Contract Value | Not specified |
| Payment Terms | Monthly salary, 15th of each month |
...

### Risk Report

#### HIGH Risk (2 items)
1. **No overtime pay rate specified**
   - Category: liability
   - Clause: Article 4
   - Description: ...
   - Recommendation: ...

#### MEDIUM Risk (1 item)
...

---
**Disclaimer:** This report is for informational purposes only and does not constitute legal advice.
