Contract Rule Review Assistant

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill is coherent for contract review, but it will use an AnyShare token to upload sensitive contracts, store review outputs, and create share links.

Install this only if you intend to process contracts in AnyShare and trust the AnyShare MCP/rule-review workflow. Before use, configure a limited token, verify the destination folder and link permissions, avoid uploading unintended contracts, and clean up any temporary local copies created during troubleshooting.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A token with broad AnyShare access could let the workflow create folders, upload files, and generate links as the user.

Why it was flagged

The skill requires an AnyShare bearer token so the agent/MCP service can act against the user's AnyShare account.

Skill content

The token must be configured in advance in `~/.openclaw/workspace/config/mcporter.json` ... `"Authorization": "Bearer <your_token_here>"`

Recommendation

Use a least-privileged or short-lived token if available, store it only in the mcporter config, rotate it if exposed, and verify the credential scope before use.

What this means

Confidential contract text and generated review context may be processed and stored by AnyShare-related services rather than remaining only on the local machine.

Why it was flagged

The workflow sends contract content through an MCP/provider path and a rule-review assistant for indexing and analysis.

Skill content

This skill depends on the `anyshare-asmcp` MCP service ... `temporary-area` → `index-check` polling → `smart_assistant`

Recommendation

Use this only for contracts that are allowed to be uploaded to AnyShare, and confirm your organization's retention, indexing, and access-control policies.

What this means

If the wrong file, folder, or link settings are used, contract material or review results could be stored or shared more broadly than intended.

Why it was flagged

The skill instructs tool use that mutates cloud storage and creates share links. This is disclosed and purpose-aligned, but it is high impact for confidential documents.

Skill content

Create the directory structure ... upload the original contract ... save the review report ... generate a share link ... `file_sharedlink_realname_create`

Recommendation

Confirm the local file path, AnyShare destination, and share-link permissions before running; revoke or expire links that are no longer needed.

What this means

A sensitive contract copy could remain in a temporary local directory after upload.

Why it was flagged

The troubleshooting guide suggests copying a contract to /tmp to work around ACL issues, but does not mention deleting the temporary copy afterward.

Skill content

`cp "$LOCAL_FILE" "/tmp/$(basename "$LOCAL_FILE")"` ... then upload the copy in /tmp/

Recommendation

If using this workaround, delete the /tmp copy immediately after upload and ensure local file permissions are appropriate.