📦 Legal Gstack — 法律流程自动化
v1.0.0一站式法律工作流自动化套件,集成8大专家角色:法律检索、文书起草、证据分析、庭审准备、直播运营、客户接待、利益冲突审查与案件管理,全面提升律所效率。
0· 170·1 当前·1 累计
by 下载技能包
最后更新
2026/3/22
安全扫描
OpenClaw
可疑
medium confidenceThe skill's files and instructions generally match a local legal-workflow toolkit, but there are inconsistencies (especially around live social-media monitoring and provenance) that should be clarified before use with sensitive client data.
评估建议
This skill looks like a coherent legal-workflow suite, but before installing you should: 1) Verify provenance — ask the publisher for source code, a homepage, or a trusted registry entry (the ownerId mismatch is a red flag). 2) Clarify the live-ops design — how does 'monitor Douyin comments' work, what API/credentials are required, and where is that data routed? 3) Confirm enforcement of the 'local storage only' claim — whether the agent runtime or model provider will transmit data off-device. 4...详细分析 ▾
ℹ 用途与能力
The name/description and per-role SKILL.md files align with a legal workflow assistant that reads local case files and writes local outputs. However, the '直播运营 / 实时监听抖音评论' capability implies external network access and probably API credentials, yet the skill declares no required binaries, env vars, or install steps. Also registry metadata Owner ID (kn7dg83...) does not match _meta.json ownerId (kn70cjr...), and there is no source/homepage to verify provenance.
⚠ 指令范围
Runtime instructions explicitly reference reading and writing sensitive local paths (~/Documents/.../进行中/, 知识库, 模板) which is expected for drafting and case management. But they also instruct '开始监控评论' and '秒级响应' for Douyin comments without specifying how to connect or what endpoints to use. The guidance '案件信息本地存储,不上传云端' is present but is a policy statement in prose, not an enforceable technical constraint; the SKILL.md gives no bounds on what the agent may send externally if the agent has network access.
✓ 安装机制
Instruction-only skill with no install spec and no code files. This minimizes supply-chain risk (nothing is automatically downloaded or written to disk), which is consistent with the declared metadata.
⚠ 凭证需求
The skill requests no environment variables or credentials. That's reasonable for pure local-only tools, but inconsistent with live social-media monitoring which would typically require API tokens, webhooks, or third-party tools. The absence of declared credentials or guidance for secure API use is a gap that could lead implementers to supply credentials in an ad-hoc or unsafe way.
✓ 持久化与权限
The skill is not marked 'always', is user-invocable, and does not request system-wide configuration changes. There are no install scripts or claims to modify other skills — privileges are limited to the agent invocation context. Note: autonomous invocation is allowed by default but not by itself a reason to mark malicious.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/3/22
法律工作流程自动化套件
● 无害
安装命令
点击复制官方npx clawhub@latest install legal-gstack
镜像加速npx clawhub@latest install legal-gstack --registry https://cn.longxiaskill.com