企业战略规划
PassAudited by VirusTotal on May 9, 2026.
Overview
Type: OpenClaw Skill Name: enterprise-strategic-planning Version: 1.0.0 The skill bundle is a well-structured framework for enterprise strategic planning, guiding users through a 7-step consulting process (PEST, SWOT, goal setting, etc.). The instructions in SKILL.md and the reference files (e.g., 战略规划7步引导流程.md) are professional, transparent, and strictly aligned with the stated purpose. There are no indicators of data exfiltration, malicious command execution, or prompt injection; the skill even includes explicit constraints against leaking information or fabricating data.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Confidential company plans, financial assumptions, competitor details, or staffing information could be retained or reused beyond the current task without the user clearly understanding or controlling that reuse.
The skill handles sensitive enterprise strategy inputs, promises current-analysis-only use, but also instructs recording user-provided information to enrich a knowledge base. The artifacts do not define consent, retention, deletion, anonymization, or boundaries for this reuse.
“用户提供的所有信息仅用于本次分析,不做他用” ... “记录以下信息用于持续优化” ... “用户补充的信息 | 丰富知识库”
Before use, clarify whether any information will be stored, where it is stored, how long it is kept, whether it is reused for other users or future sessions, and how users can opt out or delete it.
A user may trust the assistant with confidential strategic information because of the privacy wording, while the skill’s own instructions leave room for later reuse.
The privacy reassurance conflicts with the later instruction to use user supplemental information to enrich a knowledge base. This mismatch may lead users to share sensitive business details under an incomplete privacy understanding.
“不泄露信息:用户提供的所有信息仅用于本次分析,不做他用” ... “用户补充的信息 | 丰富知识库”
Revise the skill to make privacy and reuse terms consistent, explicit, and consent-based. Do not claim current-analysis-only use if any information may be retained or used for optimization.
The business-planning content may be processed by other document-generation skills to create Word or PPT files.
The skill can hand off user-provided planning content to document-generation skills, but the instruction says this happens only after the user chooses to generate files and it is aligned with the stated purpose.
“如用户选择生成文档,使用 `docx` 和 `create-ppt` 技能分别生成”
Only generate files when intended, and avoid including confidential details in exported documents unless they are meant to be shared or stored.