← 返回 Skills 市场
App Legal Pages
作者
chentuan7963-afk
· GitHub ↗
· v0.1.6
429
总下载
0
收藏
0
当前安装
7
版本数
在 OpenClaw 中安装
/install app-legal-pages
功能描述
Generate and deploy app Privacy Policy and Terms of Service static websites from an app feature document. Use when a user provides app requirements/feature d...
使用说明 (SKILL.md)
App Legal Pages
Generate a complete legal mini-site for an app:
index.html(legal home)privacy.html(Privacy Policy)terms.html(Terms of Service)styles.css(shared styles)
Workflow
- Collect required legal/product inputs.
- Generate draft legal pages from feature documentation.
- Run strict consistency checker.
- Present generated pages for user review/approval.
- Check Cloudflare deployment auth readiness.
- Ask user to complete auth if missing.
- Auto-deploy to Cloudflare Pages after explicit confirmation.
- Return final public URLs.
1) Collect Inputs
Collect or confirm:
- App name
- Company/entity name (or individual publisher name)
- Contact email
- Governing law jurisdiction (country/region, optional; only if explicitly provided)
- Effective date
- App feature document (markdown/text)
- Data behavior details:
- Analytics events
- Crash/error logs
- Identifiers (device/user IDs)
- Third-party SDKs/services
- Permissions used (camera/location/photos/mic/contacts/tracking/notifications)
If facts are unknown, pause and ask for missing inputs before generation. Do not output placeholder markers (no TODO/TEMP strings in final pages). Never assume jurisdiction, region, analytics/tracking, sharing, or permission usage unless explicitly stated in the input document or user prompt. Generate policy clauses from explicit product claims first (e.g., offline-only, no cloud, no tracking, no analytics), and avoid introducing contradictory generic legal boilerplate.
2) Generate Draft Site
Run:
python3 scripts/generate_legal_site.py \
--input /path/to/app-feature.md \
--out ./out/legal-site \
--app-name "Your App" \
--company "Your Company" \
--base-email "[email protected]" \
--email-tag "quillnest" \
--effective-date "2026-03-03" \
--jurisdiction "California, United States"
Email rule:
- Prefer plus-address derivation from GitHub/base email + app tag.
- Example:
[email protected]+quillnest=>[email protected]. - Use
--emailonly when you explicitly want a fixed address.
Language rule:
- Generate English-only legal pages by default.
- Exclude non-English feature bullets from Feature Context to keep language consistent.
The script auto-detects likely data categories/permissions from the feature text. Manually review and adjust output if app behavior is more specific than heuristic detection.
3) Run Strict Consistency Checker
Run before publishing:
python3 scripts/check_consistency.py \
--feature /path/to/app-feature.md \
--privacy ./out/legal-site/privacy.html \
--terms ./out/legal-site/terms.html
The checker fails on:
- Placeholder tokens (TODO/TEMP/FIXME)
- Contradictions against explicit product claims (offline/no-cloud/no-tracking/no-analytics)
- EXIF mention in feature doc without corresponding privacy disclosure
- Governing-law section in Terms when jurisdiction is not explicitly provided
4) Validate Draft Quality
Check before publishing:
privacy.htmlandterms.htmlboth exist.- App/company/email/effective date are consistent across pages.
- Privacy disclosures match only explicitly stated permissions and data behavior (no inferred tracking/region claims).
- User rights and contact/deletion request path are present.
- No unverifiable legal claims.
- Final pages contain no placeholder markers (forbidden: TODO/TEMP/FIXME).
If the app uses sensitive permissions or SDKs, verify these are explicitly disclosed in Privacy Policy.
5) Review Gate (Mandatory)
Before deployment, share generated files with the user and ask for explicit approval to deploy. Do not deploy automatically without user confirmation.
6) Check Deployment Auth
Run auth readiness check:
python3 scripts/deploy_cloudflare_pages.py --check-auth --site-dir ./out/legal-site --project-name your-project-name --production-branch main
Auth is valid when either:
CLOUDFLARE_API_TOKEN+CLOUDFLARE_ACCOUNT_IDare set, orwrangler whoamisucceeds.
If auth is missing, ask the user to authenticate:
wrangler login
7) Auto-Deploy to Cloudflare Pages
After explicit approval + auth ready:
python3 scripts/deploy_cloudflare_pages.py \
--site-dir ./out/legal-site \
--project-name your-project-name \
--production-branch main
Or use one-shot pipeline:
python3 scripts/run_pipeline.py \
--feature /path/to/app-feature.md \
--out ./out/legal-site \
--app-name "Your App" \
--company "Your Company" \
--base-email "[email protected]" \
--email-tag "yourapp" \
--effective-date "2026-03-05" \
--project-name your-project-name \
--production-branch main \
--confirm-deploy
8) Returnables
Return:
- Cloudflare Pages site URL
- Privacy Policy URL (
\x3Csite>/privacy.html) - Terms of Service URL (
\x3Csite>/terms.html) - Auth mode used (
api-tokenorwrangler-login)
Guardrails
- Do not claim legal compliance guarantees.
- Keep wording plain and readable.
- Keep deterministic page structure for easy future edits.
- Recommend human legal review before production app-store submission.
安全使用建议
This skill appears to implement what it promises (generate, check, and deploy legal pages), but there are some red flags you should address before using it or giving it credentials:
- Do not deploy automatically until you manually inspect generated files. The sample output contains a 'TODO_LEGAL_REVIEW' placeholder and a hardcoded governing-law line ('China') that contradict the skill's own guardrail against assuming jurisdiction. These placeholders would trigger the consistency checker and indicate the generator may include unverifiable or inappropriate text.
- The package metadata lists no required env vars but the deploy script will look for CLOUDFLARE_API_TOKEN and CLOUDFLARE_ACCOUNT_ID (or require 'wrangler' login). Treat those credentials as sensitive: only provide them after you review the code and are comfortable with the repository and runtime. Prefer to run deployment yourself rather than passing tokens to an untrusted agent.
- Example files embed a real Gmail address in examples. Replace any example addresses with your own or placeholder emails before publishing, and confirm the email-generation rules (plus-addressing) are acceptable.
- Recommended steps before trusting this skill: run the generator locally with a test feature doc in an isolated environment, inspect privacy.html and terms.html for placeholders, unwanted jurisdiction or data-sharing claims, and verify the consistency checker behavior; only then proceed to deployment, and when deploying use a least-privilege Cloudflare API token scoped solely to Pages and a dedicated account/project.
If the author updates the skill to remove hardcoded example PII, remove placeholder content from examples, and declare the optional Cloudflare env vars in metadata, the inconsistencies would be resolved and the skill would look much more trustworthy.
功能分析
Type: OpenClaw Skill
Name: app-legal-pages
Version: 0.1.6
The skill bundle provides functional tools for generating and deploying legal pages to Cloudflare Pages, but it is classified as suspicious due to its reliance on high-risk capabilities. Specifically, the scripts `deploy_cloudflare_pages.py` and `run_pipeline.py` use `subprocess.run` to execute shell commands and handle sensitive credentials like `CLOUDFLARE_API_TOKEN`. Additionally, `SKILL.md` and `generate_legal_site.py` contain a hardcoded email address ([email protected]) as a default/example, which creates a risk of the AI agent generating production legal documents with incorrect contact information if the user does not provide an override.
能力评估
Purpose & Capability
Name/description, SKILL.md, and included scripts (generate, check, deploy, pipeline) are coherent: the skill generates static Privacy/Terms HTML, checks consistency, and can deploy to Cloudflare Pages via wrangler or API token.
Instruction Scope
SKILL.md explicitly forbids placeholder markers and says never to assume jurisdiction, yet the provided example output pages contain 'TODO_LEGAL_REVIEW' placeholders and the example Terms hardcodes 'Governing Law: China'. The consistency checker also flags placeholders and unexpected governing-law clauses — the examples contradict the guardrails and would cause the checker to fail. The instructions otherwise confine actions to generating, checking, reviewing, and deploying the site files.
Install Mechanism
No install spec (instruction-only) which reduces risk, but the deploy script relies on an external CLI (wrangler) and uses subprocess.run to call it; users will need to install wrangler/npm tools manually. No remote download or obscure installer is present.
Credentials
Registry metadata declares no required env vars, but the deploy script checks and can use CLOUDFLARE_API_TOKEN and CLOUDFLARE_ACCOUNT_ID (or wrangler login). That credential usage is expected for Cloudflare deployment, but the metadata omission is a mismatch that should have been declared. Example files and SKILL.md use a specific Gmail address in examples ([email protected]), which is unusual in samples and may confuse users about required contact info.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It does not modify other skills or system-wide configuration. Autonomous invocation is allowed (platform default) but not itself a red flag here.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install app-legal-pages - 安装完成后,直接呼叫该 Skill 的名称或使用
/app-legal-pages触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.6
Fix deployment correctness: non-interactive project creation, explicit production branch, canonical URLs
v0.1.5
Add review-gated auto deploy flow with Cloudflare auth checks and one-shot pipeline
v0.1.4
Add strict consistency checker to prevent contradictions with input app feature docs
v0.1.3
Make privacy generation claim-driven from input docs; remove contradictory generic assumptions
v0.1.2
Stop assuming jurisdiction/permissions; only include explicitly stated tracking/region details
v0.1.1
Fix language consistency, remove placeholder tokens, and enforce plus-email derivation with optional email-tag
v0.1.0
Initial release providing automated legal page generation and deployment for apps.
- Generates Privacy Policy and Terms of Service static sites from app feature documentation.
- Validates disclosures and consistency; highlights missing or unverifiable points as `TODO_LEGAL_REVIEW`.
- Publishes draft legal sites using GitHub and Cloudflare Pages, returning ready-to-use URLs.
- Collects key app and legal details; auto-detects data categories and permissions from feature docs.
- Includes review checklist and clear human-legal-review guardrails.
元数据
常见问题
App Legal Pages 是什么?
Generate and deploy app Privacy Policy and Terms of Service static websites from an app feature document. Use when a user provides app requirements/feature d... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 429 次。
如何安装 App Legal Pages?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install app-legal-pages」即可一键安装,无需额外配置。
App Legal Pages 是免费的吗?
是的,App Legal Pages 完全免费(开源免费),可自由下载、安装和使用。
App Legal Pages 支持哪些平台?
App Legal Pages 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 App Legal Pages?
由 chentuan7963-afk(@chentuan7963-afk)开发并维护,当前版本 v0.1.6。
推荐 Skills