企业年金查询技能
v3.2.1智能查询企业年金及职业年金,自动识别单位性质和年金类型,多渠道验证并输出带来源链接的标准调查报告。
⭐ 0· 110·0 current·0 all-time
by鄢文哲@yanwenzhe
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (企业年金查询) match the included artifacts: SKILL.md, search/generate/batch scripts, config template and reference docs. Declared dependencies (curl, jq) and optional search API env vars (TAVILY_API_KEY, SEARXNG_URL) are coherent with a web‑search/scraping/reporting skill.
Instruction Scope
Runtime instructions direct the agent to run local scripts (./scripts/search.sh, generate_report.sh, batch_query.sh) which perform web searches, scraping and aggregation and then produce Markdown reports with source links. This is in‑scope for the stated purpose, but the instructions grant broad discretion for network calls and multi‑channel scraping — review the search.sh implementation for any aggressive crawling, follow/redirect handling, or actions that collect personal data.
Install Mechanism
No install spec is provided (instruction‑only with local scripts), so nothing is downloaded or extracted during install. All files are present in the skill bundle and no external installers or obscure URLs are used in the provided material.
Credentials
No required secrets are requested. Two optional environment variables (TAVILY_API_KEY and SEARXNG_URL) are plainly tied to search providers mentioned in the docs and are proportionate to improved search functionality; config.template.json controls behavior and is appropriate for the skill.
Persistence & Privilege
Skill is not marked always:true and does not declare elevated platform privileges. It operates via local scripts and configuration files inside the skill workspace; nothing in the manifest indicates it modifies other skills or system‑wide agent settings.
Assessment
This skill appears coherent and focused on public‑data searching and report generation. Before installing or running: 1) inspect scripts/search.sh (and other scripts) to confirm they do only expected HTTP queries and parsing (watch for commands that exec input, follow untrusted redirects, or write to unexpected system paths); 2) be aware the tool will make network requests and may download web content—use rate limits and respect robots/policies; 3) optional API keys (TAVILY, SearXNG) improve results but are not required—don’t provide unrelated credentials; 4) run the skill in a sandbox or with non‑privileged user account if you’re unsure; 5) confirm output handling (reports directory, logs) meets your privacy policy before running bulk queries that may aggregate sensitive info.Like a lobster shell, security has layers — review code before you run it.
investigationvk972vr06rndwfyz70fvesyj6yd836qr5latestvk972vr06rndwfyz70fvesyj6yd836qr5pensionvk972vr06rndwfyz70fvesyj6yd836qr5searchvk972vr06rndwfyz70fvesyj6yd836qr5
License
MIT-0
Free to use, modify, and redistribute. No attribution required.