Ai Policy Brief
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill appears to do what it says: it runs a local Python crawler to gather public AI-policy information, with no evidence of credential access, persistence, or destructive behavior.
Before installing, be aware that the skill asks you to install common Python scraping libraries and allows the agent to run its included crawler, which will make live requests to public policy and news websites. The artifacts do not show credential use, persistence, or destructive actions.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
When invoked, the agent may run the included Python crawler on the user's machine.
The skill directs the agent to execute a local Python script automatically. This is clearly disclosed and aligned with the crawler-based purpose, but it is still local code execution that users should notice.
This stage is carried out by the AI itself calling a tool to execute the script... run it with the `exec` tool... `python ~/.openclaw/skills/ai-policy-brief/scripts/fetch_policy.py --days 30`
Install only if you are comfortable allowing this skill to run its included script; keep the command scoped to the documented fetch_policy.py invocation.
The installed package versions may vary over time and come from the user's configured Python package source.
The setup step installs third-party Python packages without version pins. This is a normal dependency pattern for a web crawler, but unpinned packages reduce reproducibility and supply-chain transparency.
pip install requests beautifulsoup4 lxml python-dateutil
Prefer a declared install spec or requirements file with pinned versions if reproducible installation is important.
Invoking the skill will contact public government, media, and aggregation websites from the user's environment.
The skill performs concurrent web requests to multiple public sites. This is central to the policy-brief purpose and the script includes rate-limit logic, but it is still external network activity.
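Concurrently crawls 14 target websites (5 national-level / 2 Guangdong provincial and municipal / 1 supplementary aggregator / 6 authoritative media outlets)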
Use it when live public web retrieval is acceptable, and adjust days, sources, or worker count if you want a narrower crawl.
