ClawHub

Tender Analyzer

v0.1.0

Analyze tender and procurement documents (PDF, Word, images) to extract qualification requirements, scoring criteria, key deadlines, prohibited clauses, and...

1· 40·1 current·1 all-time
by@soul-code
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (tender parsing + extraction) align with what the skill requests and does: it requires a SoMark API key and the included script uploads files to SoMark and saves Markdown/JSON outputs. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md and the script are consistent: user provides a file path, the script posts the file to SoMark, polls for results, and writes Markdown/JSON output. Note: the skill will upload the entire tender file (potentially sensitive) to an external service — SKILL.md says to inform the user that SoMark will parse the document, but users should be explicitly warned about sending confidential procurement documents to a third party.
Install Mechanism
No install spec (instruction-only + Python script). This is low risk from an install perspective. The included script requires Python and the aiohttp library, which are normal for this task; nothing is downloaded from arbitrary URLs and no archives are extracted.
Credentials
Only SOMARK_API_KEY is required and declared as the primary credential — appropriate for calling the SoMark API. The script uses the key only to authenticate requests to somark.tech. However, providing the key grants that external service the ability to process uploaded documents; users should ensure the key and documents are only given to a trusted provider and should not paste the key in chat.
Persistence & Privilege
Skill is not always-enabled and does not request persistent system-level privileges. It writes outputs to a user-specified output directory only. It does not modify other skills or system configuration.
Assessment
This skill appears to do exactly what it says: it uploads your tender file to SoMark (somark.tech) for parsing, then analyzes the returned Markdown/JSON. Before using it, verify that you trust somark.tech and its privacy/terms because the full document (which may contain sensitive or confidential procurement data) will be transmitted off your system. Do not paste your SOMARK_API_KEY in chat; set it as an environment variable as instructed. Ensure Python and the aiohttp package are installed and inspect the included tender_analyzer.py yourself (it is small and readable). If the documents are confidential, consider redacting sensitive parts or running the analysis only on non-sensitive excerpts, or ask the service provider for a data-processing agreement. If you want a higher assurance level, request evidence that somark.tech is the official SoMark endpoint and verify the domain/certificate and the provider's privacy policy; if the skill had contacted any other unknown endpoints or requested additional unrelated credentials, the assessment would be more concerning.

Like a lobster shell, security has layers — review code before you run it.

latestvk9737swpt2e1pqbf04vc7fbj9x849xyz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📋 Clawdis
EnvSOMARK_API_KEY
Primary envSOMARK_API_KEY

Comments