← Back to Skills Marketplace

RiskShield案件审批自动化

Name: RiskShield案件审批自动化
Author: haoleizhang

by haoleizhang · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install riskshield

Description

RiskShield 案件审批自动化。使用 Playwright 浏览器自动化完成审批，支持 Pass/Refuse 两种操作。

Usage Guidance

Things to consider before installing or running this skill: - Inspect secrets: The SKILL.md and multiple scripts include hard-coded credentials (usernames like 'alan.zhang' and a password shown) and the package contains token.json. Do not run these scripts with real or privileged accounts. Remove or rotate any baked-in credentials and delete token.json if it contains real tokens. - Expect npm installs: The README tells you to run npm install/playwright; that will pull code from npm (playwright). The registry metadata did not list an install step — treat that as a mismatch. Run installs in an isolated environment (container or VM) if you must test. - Audit network activity: Scripts make HTTPS requests to riskshield.dcsuat.com and perform actions (approve/refuse). Only run in a test/staging environment where automatic approvals are acceptable. Running against production could perform destructive or unauthorized actions. - Review all bundled files: The skill ships 100+ scripts and helper shells; some call an 'agent-browser' CLI. Verify each script you plan to run; don't execute arbitrary .js/.sh files blindly. - Secrets handling: Prefer passing credentials via environment variables or secure credential stores rather than hard-coding. If you need to use this skill, replace embedded credentials with a safe configuration mechanism and ensure token.json is stored securely or regenerated. - If uncertain, run in a sandbox: Use an isolated container or disposable VM and a test account on the target system. If you want a safer alternative, request a minimal skill that uses explicit credentials (declared in metadata) and a clear install spec.

Capability Analysis

Type: OpenClaw Skill Name: riskshield Version: 1.0.0 The skill bundle is a collection of automation and debugging scripts designed to interact with the RiskShield case approval system at riskshield.dcsuat.com. It utilizes Playwright for browser automation and direct HTTPS requests for API interactions. While the bundle contains hardcoded credentials (e.g., in SKILL.md and scripts/risk_approve.js) and scripts that extract session tokens and cookies for debugging (e.g., scripts/extract_session.js), these behaviors are consistent with the stated purpose of automating a complex web-based business process. There is no evidence of data exfiltration to third-party domains, malicious persistence, or prompt injection attempts against the OpenClaw agent.

Capability Tags

requires-oauth-tokenrequires-sensitive-credentials

Capability Assessment

ℹ Purpose & Capability

Name/description (RiskShield approval automation) match the included scripts: many Playwright and shell helper scripts that log in and click '审批' to Pass/Refuse cases on riskshield.dcsuat.com. However metadata claimed 'instruction-only' / no install spec while the package includes 100+ executable scripts and a package.json — that mismatch is unexpected. The SKILL.md and many scripts also embed hard-coded credentials (password shown) and reference a local token.json; those are not declared as required credentials.

⚠ Instruction Scope

Runtime instructions ask you to npm install Playwright and run node scripts in ~/.openclaw/workspace/skills/riskshield/scripts. The scripts will: perform logins using embedded credentials, call site APIs (HTTPS requests), read/write token.json, save screenshots/logs to /tmp, and some bash helpers invoke an 'agent-browser' CLI. The SKILL.md does not instruct reading unrelated system files, but it does instruct installing packages and executing many bundled scripts — giving broad runtime discretion. The presence of embedded credentials and token.json increases the risk of unintended credential reuse/exposure.

⚠ Install Mechanism

No formal install spec is declared, but SKILL.md directs npm install playwright and npx playwright install (which will download packages from npm). The code bundle itself is shipped with the skill (many JS and shell scripts) and will be executed locally. There are no downloads from unknown hosts in the provided files, but the implicit npm install step is not surfaced in registry metadata (mismatch).

⚠ Credentials

The skill declares no required env vars or primary credential, yet the SKILL.md and multiple scripts include hard-coded usernames and the password 'ZIdongshenpi1.' and reference token.json (included in the package). That is inconsistent: a networked automation tool that needs login tokens should declare credential handling rather than embedding secrets. token.json may contain session tokens — shipping credentials/tokens in the skill package is a secrecy risk. The number of files and potential to write logs/screenshots to /tmp also increases data footprint.

✓ Persistence & Privilege

The skill does not request always:true and does not modify other skills. It stores/reads token.json inside its own workspace and writes temporary logs/screenshots under /tmp — normal for a local automation tool. Autonomous invocation is allowed (platform default) but is not combined with other high privileges in metadata.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install riskshield
After installation, invoke the skill by name or use /riskshield
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

Initial release of RiskShield approval automation skill. - Automates RiskShield case approval using Playwright for browser automation. - Supports both "Pass" (with customizable credit amount) and "Refuse" (with selectable refuse code) actions. - Automatically verifies approval results and updates case status. - Runs in headless (background) mode without affecting other work. - Command-line usage with parameter options for case number, operation, refuse code, and approval amount.

Metadata

Slug riskshield

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is RiskShield案件审批自动化?

RiskShield 案件审批自动化。使用 Playwright 浏览器自动化完成审批，支持 Pass/Refuse 两种操作。 It is an AI Agent Skill for Claude Code / OpenClaw, with 65 downloads so far.

How do I install RiskShield案件审批自动化?

Run "/install riskshield" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is RiskShield案件审批自动化 free?

Yes, RiskShield案件审批自动化 is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does RiskShield案件审批自动化 support?

RiskShield案件审批自动化 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created RiskShield案件审批自动化?

It is built and maintained by haoleizhang (@haoleizhang); the current version is v1.0.0.

More Skills