Ai Policy Brief
v1.5.0聚合国内最新AI相关政策,覆盖国家级(国务院、工信部、科技部、网信办等)和广东省及广州的政策动态,提供简报式解读。
⭐ 1· 118·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description match the included artifacts: SKILL.md describes aggregating AI policies and the repository contains a crawler (scripts/fetch_policy.py) plus a list of target sources (references/policy_sources.md). No unrelated credentials, binaries, or external services are requested.
Instruction Scope
SKILL.md instructs the AI to locate and autonomously execute the local script (using exec against an absolute path under the user's OpenClaw skill directory). That is coherent with the task but raises operational concerns: (1) the skill mandates the agent run code without asking the user; (2) it hard-codes expected OpenClaw install paths which may not match actual installs; and (3) the SKILL.md also tells users to run pip install dependencies manually before first use — contradictory to the 'AI must run it itself, no terminal needed' wording.
Install Mechanism
There is no install spec (instruction-only + bundled script). This avoids remote downloads, which reduces supply-chain risk, but executing bundled Python code is an active operation—the script requires third-party Python packages (requests/bs4/dateutil) that the SKILL.md asks the user to install locally. No network downloads or obscure URLs were observed in the provided files.
Credentials
The skill requests no environment variables, no credentials, and no configuration paths outside its own skill directory. The crawler accesses public websites only (government and news domains listed).
Persistence & Privilege
The skill is not marked always:true and does not request system-wide privileges. It only expects to run a script located in its own skill folder and does not modify other skills or global agent configuration in the visible files.
Assessment
This skill appears to be what it says: a local crawler that aggregates Chinese AI policy pages. Before installing/using it, review the bundled script yourself (scripts/fetch_policy.py) for any unexpected network endpoints or data-sending behavior (we reviewed the top of the file and saw only requests to public sites), and run it in a safe environment (local sandbox or VM) if you are unsure. Note two practical issues: (1) SKILL.md both says the AI should autonomously execute the script and also instructs the user to run pip install for dependencies — install the listed Python packages in a virtualenv or run the script manually once to verify it runs; (2) the instructions assume a particular OpenClaw skill path under your home dir—if your installation differs the agent may fail to locate the script. If you want less risk, run the crawler manually (python scripts/fetch_policy.py --days 30) and paste the JSON output to the agent rather than allowing it to execute the script autonomously. If you permit autonomous execution, consider limiting network access or monitoring outbound requests on first runs.Like a lobster shell, security has layers — review code before you run it.
aivk97ck703gzsnzja4s9g8yjhap583q7y4chinavk97ck703gzsnzja4s9g8yjhap583q7y4guangdongvk97ck703gzsnzja4s9g8yjhap583q7y4latestvk97bg8g7wb8ytcs4kfh8cxmg9h83x8rkpolicyvk97ck703gzsnzja4s9g8yjhap583q7y4
License
MIT-0
Free to use, modify, and redistribute. No attribution required.