AI Customer Service Automation

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill is instruction-only, but it advertises autonomous customer replies, ticket creation, and knowledge-base learning without declaring credentials, data boundaries, or approval controls.

Treat this as an unverified marketing/instruction stub, not a ready customer-service system. Do not connect production channels, ticketing systems, or historical customer data until the implementation, credential scopes, approval gates, data-retention rules, and rollback procedures are documented and tested.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

It could send incorrect messages to customers or create business tickets without a clear human review gate.

Why it was flagged

The skill directs automatic customer responses and automatic ticket creation, but the artifacts do not provide limits, approvals, rate controls, or rollback guidance for these business-impacting actions.

Skill content

✅ Intelligent Q&A: automatically replies to 80% of common questions
✅ Ticket system: automatically creates tickets for complex issues
...
ticket:
  provider: jira
  autoCreate: true

Recommendation

Require explicit user approval before production replies or ticket creation, define allowed channels/providers, use sandbox testing first, and document escalation and rollback procedures.

What this means

Users may connect broad business accounts without understanding what permissions the skill needs or what actions it can take.

Why it was flagged

These integrations imply delegated access to third-party customer-service, messaging, and ticketing accounts, while the registry metadata declares no credential contract or permission scope.

Skill content

provider: jira  # or feishu/dingtalk
...
channels:
  - feishu
  - wechat
  - telegram

Recommendation

Declare exact credential types and scopes, use least-privilege bot or service accounts, document revocation, and avoid connecting production accounts until implementation details are reviewed.

What this means

Customer conversations, policies, or other sensitive business information could be absorbed into future answers without clear controls.

Why it was flagged

The skill indicates persistent use of historical conversations and knowledge-base files, but does not define import scope, exclusions, storage, retention, redaction, or cross-task reuse.

Skill content

✅ Knowledge base sync: automatically learns from historical conversations
...
knowledgeBase:
  files:
    - ./docs/faq.md
    - ./docs/policy.pdf

Recommendation

Limit approved source files and conversation sets, redact personal data, define storage and retention rules, and require user review before adding new material to the knowledge base.

What this means

Users cannot verify how the advertised automation and integrations are actually implemented from the provided artifacts.

Why it was flagged

The package points to an implementation file, but the provided manifest contains no index.js and there is no install spec. This is a completeness/provenance gap rather than direct evidence of hidden malicious code.

Skill content

"main": "index.js"

Recommendation

Provide the reviewed implementation files or remove the stale entry point, document provenance, and declare any dependencies or runtime integration requirements.