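📦 AI Company Legal - Legal Contract Review
v1.0.0 · Company Legal
AI Company legal execution-layer agent, reporting to the CLO. Supports contract review, compliance checks and intellectual property searches. ID: EXEC-007 LEGAL. Trigger keywords: 合同审查 (contract review), 合同起草 (contract drafting), 合规检查 (compliance check), 知识产权检索 (intellectual property search), 版权检索 (copyright search), 商标检索 (trademark search), 专利检索 (patent search), 法律意见 (legal opinion).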
Last updated: 2026/4/19
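Security scan
OpenClaw
Suspicious
Medium confidence. The capabilities this skill declares (especially IP/trademark/patent searches and external checks) do not match its declared permissions and environment requirements; there are unexplained gaps that should be clarified before installation.
Assessment recommendations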
Before installing, verify these points with the skill owner: 1) How are IP/trademark/patent searches performed if the skill has no network permission or API keys? If the work is delegated to other internal skills, get a list of those skills and confirm their permissions and where they run. 2) Why does the skill have workspace read/write rights—limit it to the minimal paths needed (e.g., an input folder and a reports folder) to avoid broad file access. 3) The mcp permissions (sessions_send, subag...
⚠ Purpose and capabilities
The skill claims contract review, compliance checks, and external IP searches (copyright/trademark/patent). However it declares no network access, no required environment variables or API keys, and no required binaries. External searches and many compliance checks normally require network access and credentials or explicit integrations; the absence of those requirements is incoherent unless those operations are delegated to other internal skills (listed as dependencies). This mismatch between claimed capabilities and declared requirements is unexplained.
ℹ Instruction scope
The SKILL.md defines inputs/outputs and detailed review flows and appears scoped to reviewing provided contract_text or generating drafts. It does not (in the provided excerpt) instruct the agent to read arbitrary system files or environment variables. However the permission set includes read/write workspace which could allow broader file access (beyond the explicit inputs), and the skill depends on other company skills for capabilities—how those delegations happen is not specified. The instructions do not clarify where external IP registry searches occur or what data is sent where.
✓ Install mechanism
Instruction-only skill: no install spec and no code files. This is low-risk from an installation/extract perspective (nothing is written to disk by an installer).
⚠ Credential requirements
No env vars or primary credential are required despite functionality that typically needs API access or credentials (IP databases, trademark/patent registries, external compliance checkers). The declared dependencies on other internal skills may explain this, but that introduces an implicit trust boundary: the skill can rely on those other skills having access to secrets. Also, permissions list mcp privileges (sessions_send, subagents) which can be used to delegate work to other agents/skills that do have network or credential access—this increases the effective credential surface in ways that are not made explicit.
ℹ Persistence and privileges
always:false (normal). However the skill is allowed mcp actions (sessions_send, subagents) and read/write workspace. The ability to create subagents or send sessions is powerful: it may allow the skill to orchestrate other skills that perform network calls or access credentials. This is not inherently malicious, but it is a capability that increases risk and should be constrained/monitored.
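Security is layered; review the code before running.
Runtime dependencies
No special dependencies
Versions
latest · v1.0.0 · 2026/4/19
AI Company LEGAL 1.0.0 – Initial release with core legal execution features:
- Introduces the EXEC-007 LEGAL agent, supporting contract review, compliance checks, intellectual property searches and legal opinion generation.
- Supports contract review workflows (AI services, data procurement, technology licensing, NDA), the main compliance frameworks (GDPR, CCPA, PIPL, AI regulations) and intellectual property categories (copyright, trademark, patent, trade secret).
- Execution principles: all legal output must be signed off by the CLO; high-risk issues are escalated to the CLO.
- Implements auditing, error handling and STRIDE-based security controls.
- Provides standardized interfaces for integration with the CLO, CQO and CISO.
● Harmless
Install command
Official: npx clawhub@latest install ai-company-legal
Mirror (accelerated): npx clawhub@latest install ai-company-legal --registry https://cn.longxiaskill.com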