Contract Reviewer
v1.0.0Review business contracts for risks, missing clauses, unfavorable terms, and compliance gaps. Use when analyzing NDAs, MSAs, SaaS agreements, vendor contract...
⭐ 1· 786·10 current·11 all-time
by@1kalin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name, description, and the SKILL.md all describe analyzing contracts and producing structured risk reports. The skill requests no binaries, env vars, or installs — appropriate for an instruction-only contract reviewer.
Instruction Scope
Instructions ask the user to provide contract text by paste, file, or URL and then analyze it against a clear checklist. The model is not instructed to read arbitrary system files or environment variables. One minor note: accepting a URL implies the agent may fetch remote content; the SKILL.md doesn't specify how to handle remote fetching or verify trust. Recommend clarifying that remote URLs should only be fetched with user consent and that sensitive content be redacted before submitting.
Install Mechanism
No install specification or code files are present; this is instruction-only, which minimizes risk from installation actions.
Credentials
The skill requires no environment variables, credentials, or config paths. There are no unrelated or excessive secret requests that would be disproportionate to the stated legal-review purpose.
Persistence & Privilege
The skill is not marked always:true and does not request persistent system-level privileges. Default autonomous invocation is allowed (platform normal), but there is no indication the skill attempts to modify other skills or system settings.
Assessment
This skill appears internally consistent for doing AI-assisted contract reviews, but it is not a substitute for legal advice. Before using: (1) avoid pasting unredacted sensitive or confidential data — contracts can contain PII and trade secrets; redact or test with non-sensitive samples first, (2) clarify how the agent will handle URLs (will it fetch remote files?) and only allow fetching trusted endpoints, (3) verify the skill publisher (source is unknown; the SKILL.md lists AfrexAI and a GitHub link—confirm that identity independently), and (4) if you will rely on its output for decisions, have a qualified attorney review the findings. If you want stronger privacy guarantees, require local-only processing or explicit data retention and transmission rules from the provider.Like a lobster shell, security has layers — review code before you run it.
latestvk97a1ervdmd1wdzjwz5rfe0br181rn6k
License
MIT-0
Free to use, modify, and redistribute. No attribution required.