by 安全扫描
OpenClaw
安全
high confidenceNULL
评估建议
This skill is coherent: it only contains instructions (no code) and asks nothing unusual. Two practical checks before installing: (1) confirm what agent tooling (Read, Glob, Grep, WebFetch) will actually be enabled — if the agent/platform grants file-system or broad web access, that increases data-exposure risk; (2) remember the SKILL.md is an instruction set the agent is supposed to follow, but the platform does not technically enforce 'only use provided context'—ensure your deployment enforces...详细分析 ▾
✓ 用途与能力
Name and description match the SKILL.md: a compliance Q&A assistant that operates over provided documents. There are no unrelated environment variables, binaries, or install steps requested that would be inconsistent with that purpose.
ℹ 指令范围
The runtime instructions restrict answers to the provided context and include sensible guardrails (no hallucination, no legal advice, escalation triggers). The SKILL.md also lists allowed-tools: Read, Glob, Grep, WebFetch — appropriate for RAG usage, but these tools can read local files or fetch external documents if the agent/platform grants that capability. The instructions themselves do not tell the agent to access unrelated files or secrets.
✓ 安装机制
Instruction-only skill with no install spec and no code files. This is the lowest-risk installation pattern and aligns with the declared purpose.
✓ 凭证需求
No environment variables, credentials, or configuration paths are requested. The lack of secret requests is proportionate for a document-based Q&A assistant.
✓ 持久化与权限
always is false and the skill is user-invocable; it does not request permanent presence or modify other skills. Autonomous invocation is allowed by default but is not combined with any other elevated privileges here.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv0.1.02026/3/5
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install compliance-qa
镜像加速npx clawhub@latest install compliance-qa --registry https://cn.longxiaskill.com