ClawHub

OpenClaw Contract Review

v1.0.1

公开发布的合同审核 Skill,通过统一工具入口触发 OpenClaw Contract Review Plugin。

0· 138·0 current·0 all-time
by@renzhiping
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Skill name/description match the files and declared compatibility. It only requires the plugin to be enabled (plugins.entries.openclaw-contract-review-plugin.enabled) and does not request unrelated binaries, environment variables, or secrets.
Instruction Scope
SKILL.md and referenced docs strictly constrain agent behavior (do not call tools until intent & prechecks pass, only call the contract_review tool, forbid reading files or fabricating data). This is coherent for a routing/orchestration skill. Note: the skill delegates login/resume/watch behavior to the plugin (automatic browser-based login and automatic resume after login are allowed by the spec), so runtime side-effects occur via the plugin, not in the skill files.
Install Mechanism
Instruction-only: no install spec, no downloaded code, and no archive extraction. Nothing is written to disk by the skill bundle itself.
Credentials
The skill declares no required env vars, no secrets, and its only configuration requirement is that the contract-review plugin be enabled. There are no disproportionate credential requests in the skill.
Persistence & Privilege
always is false and model invocation is allowed (platform default). The skill does not request permanent presence, nor does it modify other skills' config; it merely requires the plugin to be enabled. The only privilege of note is that the plugin (external to this skill) is expected to perform automatic resume and push notifications after browser login.
Assessment
This skill is a routing/orchestration document, not executable code: it only tells the agent how to interact with the openclaw-contract-review-plugin. Before enabling it, confirm the plugin (openclaw-contract-review-plugin) is installed from a trusted source and review the plugin's code/policy because the skill delegates login, file submission, SSE watch, and IM push behavior to that plugin. The skill itself does not request secrets, but the plugin will perform authentication flows (browser login, IM push to Feishu) and may store/session-manage credentials—verify those flows and privacy implications. If you cannot inspect the plugin, treat automatic resume after browser login and background watch/push behavior as potential operational/privacy impacts.

Like a lobster shell, security has layers — review code before you run it.

latestvk979svnga3f20pgctm3zt28ct584tcn0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Configplugins.entries.openclaw-contract-review-plugin.enabled

Comments