木瓜法律助手
提供专业法律咨询,自动提取案件要素,并生成完整案件分析报告,助力法律问题解决和案件管理。
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 0 · 37 · 0 current installs · 0 all-time installs
bymuguafabao@yzw23333
MIT-0
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The code and SKILL.md implement a legal-chat and case-analysis client that posts user text/files to an external Mugua API and requires an api_key and base_url. That capability matches the skill's stated purpose. However, the platform-level summary at the top of the submission claims no required env vars/credentials/config paths while the included metadata.json and SKILL.md declare an api_key and base_url — this metadata inconsistency is unexpected.
Instruction Scope
Runtime instructions explicitly send user-provided case text, uploaded files, and the configured api_key to the configured base_url. This is coherent with the described functionality, and the SKILL.md includes privacy warnings. Still, the skill will transmit potentially sensitive legal data and the api_key off-platform to whatever base_url is configured, so endpoint trust matters.
Install Mechanism
No install script or external downloads are present; the skill is instruction/code-only. It depends on the requests package (requirements.txt). No high-risk install behavior (no arbitrary URL downloads, no extract/installation of binaries) was observed.
Credentials
The skill legitimately needs an api_key and base_url to call the external service. That sensitive credential request is proportionate to the functionality — except the registry/manifest shown to the platform claims no required credentials, which is inconsistent and could cause users to unknowingly omit or mis-handle secrets. Also the default base_url is a non-obvious test domain (https://api.test.mugua.muguafabao.com/) — its trustworthiness is not established in the package.
Persistence & Privilege
always:false and no special system-level persistence or modifications are requested. The skill does not request elevated platform privileges or attempt to modify other skills' configs.
What to consider before installing
This skill behaves like a network client that will send user case text, uploaded files, and your api_key to the configured base_url. Before installing or enabling it: (1) Confirm where you will set the api_key and that the platform will store/transmit it securely — the submission's top-level registry metadata omitted any required credentials which is inconsistent. (2) Verify the base_url is an official, trusted Mugua endpoint (the provided default is a test domain); do not use real case data until you confirm the endpoint and privacy policy. (3) Test in an isolated environment with dummy data and a throwaway api_key. (4) Request publisher/source information or a homepage; absence of a trusted upstream increases risk. If you cannot verify the service or the credential handling, treat the skill as high-risk for sensitive data and avoid sending real personal information.Like a lobster shell, security has layers — review code before you run it.
Current versionv1.0.2
Download zipconsultationlatestlawlegalmugua
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
木瓜法律咨询
简介
对接木瓜法律API,提供专业的法律咨询、案件要素提取和案件完整分析能力。
功能
- 法律咨询:针对用户法律问题提供专业解答
- 案件要素提取:从文本或文件中自动提取案件关键要素
- 案件完整分析:基于当事人信息、案由、事实和诉求生成完整案件分析报告
调用示例
法律咨询
{
"action": "legal_chat",
"prompt": "员工被口头辞退,我该如何维权?",
"stream": false,
"enable_network": false
}
案件要素提取
{
"action": "case_analysis",
"analysis_mode": "element_extract",
"input_text": "张三于2024年1月入职A公司,未签订劳动合同,2024年6月被口头辞退。"
}
配置说明
base_url: 木瓜API基础地址,默认为https://api.test.mugua.muguafabao.com/api_key: 木瓜API鉴权Token(Bearer Token),必须填写平台分配的完整Token值
许可证
MIT-0
数据安全与隐私提示
- 本Skill会将用户提供的案件文本、上传文件及配置的
api_key发送至您指定的base_url服务端,请务必确认该服务是您信任的官方服务。 - 请勿在未阅读并同意木瓜法律API隐私政策前,发送包含敏感个人信息的案件数据。
- 建议仅在隔离环境中测试,使用模拟数据验证功能后再处理真实案件。
安装前必看
- 确认
base_url为官方可信端点(当前默认是测试环境)。 - 必须配置
api_key(Bearer Token)才能正常调用API。 - 妥善保管
api_key,避免泄露。
Files
4 totalSelect a file
Select a file to preview.
Comments
Loading comments…