ClawHub

social-security-advisor

v1.0.0

This skill should be used when users ask about Chinese social security (社保) policies, contribution calculations, retirement benefits estimation, social secur...

1· 42·0 current·0 all-time
by@xhj2aidevs
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (China social security advisor) match the included assets: multiple local reference docs and a calculator script for contribution/benefit estimates. There are no unrelated required binaries, env vars, or external credentials.
Instruction Scope
SKILL.md instructs the agent to read the provided reference files and run the packaged Python script for calculations. The instructions reference only the included files and known government websites for further guidance; they do not ask the agent to read system files, other skills' configs, or arbitrary environment variables.
Install Mechanism
No install spec — instruction-only with bundled script and docs. The highest-risk install behaviors (downloading/extracting remote archives, adding system-wide binaries) are not present.
Credentials
The skill declares no required environment variables, credentials, or config paths. The files contain author contact info (QQ/WeChat QR) but no requested secrets or tokens. This is proportionate for a policy/calculation assistant.
Persistence & Privilege
Skill is not force-installed (always: false) and does not request persistent system privileges. It does suggest using an external 'automation_update' tool to create reminders, which is an optional integration and not an automatic privilege escalation.
Assessment
This skill appears coherent and intended for local use (it reads bundled policy docs and runs the included Python calculator). Before installing or running: (1) open and quickly scan scripts/social_security_calculator.py to confirm there are no network calls, subprocess.exec usage, or code that reads unrelated system files; (2) run the script in a sandboxed environment or VM if you will execute it on sensitive systems; (3) avoid pasting sensitive personal credentials into chat when using the skill; (4) be aware the repository includes author contact (QQ/WeChat QR) — do not share private documents or credentials when contacting third parties. If you want, I can scan the full calculator script for network I/O, subprocess calls, or filesystem access and point to any lines that merit attention.

Like a lobster shell, security has layers — review code before you run it.

latestvk978x76w65ed4qhs56je94r65h841tg5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments