by 安全扫描
OpenClaw
安全
high confidence此提案写作技能仅包含指令,内部一致性强,风险低:无需凭证,未安装代码,运行指令仅转换用户提供的提案内容。
评估建议
该技能逻辑一致,风险低,因为它仅为指令式且不要求敏感信息。使用前:(1) 避免将机密客户数据或秘密粘贴到提示中;(2) 如果来源重要,请验证发布者/来源;(3) 将输出视为草稿——让法律或采购部门审查最终条款;(4) 先使用非敏感示例数据进行测试。...详细分析 ▾
ℹ 用途与能力
The name, description, and SKILL.md all describe proposal drafting, review, and framing; no unrelated binaries, env vars, or config paths are requested. Minor metadata inconsistency: registry metadata lists no homepage/source but skill.json contains a homepage (https://clawhub.ai) and author 'dpetcr' — this is a small provenance mismatch to be aware of but does not affect functionality.
✓ 指令范围
SKILL.md contains only guidance, templates, workflows, and rules for producing proposals. It does not instruct the agent to read system files, access environment variables, contact external endpoints, or exfiltrate data; it operates on user-provided inputs and produces text outputs.
✓ 安装机制
There is no install spec and no code files beyond documentation/skill instructions. That is the lowest-risk pattern — nothing is written to disk or fetched at install time.
✓ 凭证需求
The skill declares no required environment variables, credentials, or config paths. That matches the claimed purpose of text-based proposal drafting and review.
✓ 持久化与权限
Flags are default (always: false, user-invocable: true, model invocation allowed). The skill does not request permanent presence or modify other skills or system settings. Autonomous invocation is permitted by default on the platform but is not a red flag here by itself.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv2.0.02026/3/10
版本 2.0.0 – 大型更新,添加文档和示例 - 添加了 README.md、examples.md 和 skill.json 文件以改进文档和使用指南。 - 核心技能逻辑无变化;功能与之前版本一致。 - 新文件使用户更容易理解、实现和展示技能。
● 无害
安装命令
点击复制官方npx clawhub@latest install proposal
镜像加速npx clawhub@latest install proposal --registry https://cn.longxiaskill.com镜像同步中
技能文档
提案 ====== 提案不仅仅是一份文档,提案是一种决策工具。...(中间内容保持原文未翻译,仅示例)... ## 提案逻辑 ~~~python PROPOSAL_LOGIC = { ... }~~~