🛡️ claim-risk-auditor — 断言风险审查

v1.0.0

自动扫描文案、论文、宣传稿或产品说明中的高风险断言，精准标出缺乏证据支持的表述，并提供更稳妥、可信的改写建议，降低法律与公关风险。

0· 260·1 当前·1 累计

by @52yuanchangxing (vx：17605205782)

安全文档工具

下载技能包

最后更新

2026/4/22

安全扫描

VirusTotal

可疑

查看报告

OpenClaw

安全

high confidence

The skill does what it says: it reads macOS clipboard text and helps audit risky claims; its requirements and runtime behavior are coherent, but reading the clipboard can expose sensitive data so use with care.

评估建议

This skill appears to be what it claims: a clipboard-based claim auditor. Before using, note: (1) it requires pbpaste so it works on macOS only; (2) it will read and print whatever is in your clipboard — do not copy passwords, tokens, private documents, or other secrets before running; (3) the skill does not include network calls or request credentials, so it does not by itself exfiltrate data, but if you are concerned about the agent invoking it autonomously, disable autonomous invocation or on...

详细分析 ▾

ℹ 用途与能力

Name/description match the implementation: the skill is designed to read clipboard text and audit claims. Declared binaries (node and pbpaste) align with that purpose. Minor mismatch: SKILL metadata requires pbpaste (macOS) but the skill lists no OS restriction — it will fail on non‑macOS systems.

ℹ 指令范围

SKILL.md instructs the agent to run scripts/read_clipboard.mjs, which simply invokes pbpaste and prints the clipboard contents. This stays within the stated scope (reading content the user asked to check). However, reading the clipboard can expose sensitive or secret data; the instructions do not direct any transmission off‑device, but the agent will have access to whatever is on the clipboard.

✓ 安装机制

Instruction-only skill with no install spec and a tiny included script. Nothing is downloaded or written to disk beyond the provided code files.

✓ 凭证需求

No environment variables, credentials, or external config paths are requested. The single external dependency (pbpaste) is appropriate for clipboard reading on macOS.

ℹ 持久化与权限

The skill is not always-enabled and is user-invocable (normal). Be aware: the platform allows autonomous invocation by default — if the agent runs this skill autonomously it could read clipboard contents without an explicit user copy/consent. That combination (autonomous invocation + clipboard access) increases data‑exposure risk even though the skill itself does not exfiltrate data.

⚠ scripts/read_clipboard.mjs:5

Shell command execution detected (child_process).

安全有层次，运行前请审查代码。

运行时依赖

无特殊依赖

版本

latestv1.0.02026/3/11

Initial release of claim-risk-auditor. - Checks for high-risk assertions in copy, academic papers, promotional scripts, and product descriptions. - Highlights evidence gaps and suggests more cautious rephrasing. - Useful for marketing, branding, training, livestream scripts, and academic writing. - Supports input via clipboard for quick risk auditing.

● 可疑

安装命令

点击复制

官方npx clawhub@latest install claim-risk-auditor

镜像加速npx clawhub@latest install claim-risk-auditor --registry https://cn.longxiaskill.com

数据来源：ClawHub ↗ · 中文优化：龙虾技能库