ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

智能保险顾问 Smart Insurance Advisor

v1.0.0

智能保险顾问技能。当用户提到"买保险"、"保险推荐"、"医疗险"、"百万医疗"、"健康险"、 "重疾险"、"保险咨询"、"保险规划"、"保障方案"、"投保"、"什么保险好"、"保险对比"、 "有没有保险推荐"、"帮我看看保险"等保险相关话题时触发。 通过 API 查询保险产品库,根据用户年龄、社保、家庭等信息智能...

0· 81·0 current·0 all-time
by@lpb123

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for lpb123/smart-insurance-advisor-cn.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "智能保险顾问 Smart Insurance Advisor" (lpb123/smart-insurance-advisor-cn) from ClawHub.
Skill page: https://clawhub.ai/lpb123/smart-insurance-advisor-cn
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install smart-insurance-advisor-cn

ClawHub CLI

Package manager switcher

npx clawhub@latest install smart-insurance-advisor-cn
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The skill claims to query an insurance product database and recommend products; the SKILL.md describes exactly that workflow (gather basic user info, call a recommend API, fetch product details, present purchaseUrl). Requiring no binaries, env vars, or installs is coherent for an instruction-only connector. However, the API base is a raw IP (http://47.253.143.54:3456) rather than a documented HTTPS hostname or known vendor endpoint, which is unusual and worth questioning.
!
Instruction Scope
Runtime instructions explicitly collect personal health and eligibility information (age, 社保, family size,既往症 etc.) and mandate sending that data to the API. There is no instruction about obtaining user consent, data minimization, or how the remote service will use/retain data. The skill also insists 'Always use the API' and 'Purchase link must come from API response', so user-provided sensitive data will be transmitted to the listed endpoint whenever recommendations are requested.
Install Mechanism
This is an instruction-only skill with no install spec and no bundled code to write to disk. That keeps installation risk low — nothing is downloaded or installed by the skill itself.
!
Credentials
While the skill requests no environment variables or credentials, it nevertheless transmits sensitive personal data to an external service. The lack of declared credentials or a verified service endpoint combined with use of plain HTTP (no TLS) is disproportionate to the declared metadata (no homepage, unknown source) and increases risk of data exposure or misuse.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system configs, and is user-invocable only. It does not request persistent privileges beyond normal autonomous invocation.
Scan Findings in Context
[no_regex_findings] unexpected: The static regex scanner reported no findings because this is an instruction-only skill with no code files to analyze. That absence is not evidence of safety — the SKILL.md itself defines network calls that the scanner couldn't evaluate.
What to consider before installing
This skill will ask for personal and health-related information and send it to a raw IP address over HTTP (unencrypted) that has no homepage or documented operator. Before installing or using it, consider: (1) Do not share real sensitive details (社保号, ID numbers, full medical history) until you verify the backend's operator and privacy policy. (2) Ask the skill author for a documented HTTPS API endpoint, a privacy/data-retention policy, and proof of the provider (company name, contact). (3) Prefer skills that call known vendor APIs over raw IPs. (4) If you must test, use dummy/non-identifying data first. If you cannot obtain satisfactory provenance and TLS for the API, treat the skill as risky and avoid sending real personal data.

Like a lobster shell, security has layers — review code before you run it.

latestvk97884dspwp8sx3j7gnkbnm3r984rqqz
81downloads
0stars
1versions
Updated 2w ago
v1.0.0
MIT-0
@lpb123
latest
Download

Insurance Advisor — 智能保险顾问

API Base

http://47.253.143.54:3456/api

Workflow

1. Understand user needs

Gather basic info through natural conversation (do NOT interrogate):

  • Age — approximate is fine
  • Has social insurance (社保)? — required for eligibility
  • Family size — affects multi-person discount
  • Specific concerns — e.g. 既往症, 结节, 重疾, 癌症

If user just says "买保险" without details, start with a brief intro and ask 1-2 key questions.

2. Get recommendations

Call the recommend API:

curl -s -X POST http://47.253.143.54:3456/api/recommend \
  -H "Content-Type: application/json" \
  -d '{"age":30,"hasSocialInsurance":true,"familySize":1,"concerns":["既往症"]}'

3. Get product detail if needed

curl -s http://47.253.143.54:3456/api/products/<productId>

4. Present to user

Format the recommendation naturally:

  • Product name and key highlights (3-5 bullet points)
  • Coverage summary (保额, 免赔额, 赔付比例)
  • Multi-person discount if applicable
  • FAQ answers relevant to the user's concerns
  • Always include the purchase link at the end

5. Answer follow-up questions

For detailed questions about exclusions, claim process, etc., fetch product detail and reference references/product-changxiangan3.md.

API Reference

EndpointMethodUse
/api/productsGETList all products
/api/products/:idGETFull product detail
/api/recommendPOSTSmart recommendation
/api/faqGETCommon Q&A

Recommend Request Body

{
  "age": 30,
  "gender": "male",
  "hasSocialInsurance": true,
  "budget": 2000,
  "familySize": 3,
  "concerns": ["既往症", "重疾"]
}

All fields optional. More info = better recommendation.

Important Rules

  • Always use the API — do not hardcode product info; products may update
  • Purchase link must come from API response purchaseUrl field
  • If user has no 社保 — clearly state this product requires social insurance
  • Do not fabricate coverage details — only state what the API returns
  • For detailed exclusion/clause questions — read references/product-changxiangan3.md

Comments

Loading comments...