by 安全扫描
OpenClaw
可疑
medium confidenceNULL
评估建议
This skill appears to do what it says, but it implies the agent will read and modify files and may create a helper sub-agent. Before installing or enabling it, consider: 1) Will you allow the agent to write directly to your documents? Back up target files or require manual approval for edits. 2) Disable or require confirmation for the 'auto-fix minor issues' behavior if you don't want automatic inline changes. 3) Confirm your platform's sub-agent behavior and limits (network access, external cal...详细分析 ▾
✓ 用途与能力
Name and description (structural review of documents) align with the instructions: reading a document, applying review lenses, scoring, and proposing/performing edits. It does not request unrelated binaries, environment variables, or installs.
⚠ 指令范围
The SKILL.md directs the agent to locate and read documents (e.g., docs/brainstorms/, docs/plans/) and to 'Update the document inline' — implying read and write access to user files. It also allows automatic fixes for 'minor issues' without asking, which could result in unintended file modifications. Step 7's 'dispatch a zero-context sub-agent' creates another autonomous process that will be given the document content; while described as isolated, the runtime implications (where the sub-agent runs, what tools it may call) are not specified. These actions go beyond passive review and require explicit user permission and clear boundaries.
✓ 安装机制
Instruction-only skill with no install spec, no downloads, and no code files — minimal install risk.
✓ 凭证需求
The skill requests no environment variables, credentials, or config paths. There are no disproportionate credential requests relative to the stated purpose.
ℹ 持久化与权限
always:false (no forced inclusion). However, the skill's instructions imply the agent will write changes inline and may spawn a sub-agent. Those behaviors grant runtime privileges (file write and creation of a sub-agent) even without persistent installation; users should verify and restrict the agent's file-system and agent-creation permissions if possible.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv2.56.12026/4/6
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install compound-eng-document-review
镜像加速npx clawhub@latest install compound-eng-document-review --registry https://cn.longxiaskill.com