← 返回 Skills 市场

Compliance Review

Name: Compliance Review
Author: liulong423401-coder

作者 liulong423401-coder · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

496

总下载

当前安装

版本数

在 OpenClaw 中安装

/install compliance-review

功能描述

Automatically reviews compliance of client claim authorization letters using customized templates and pushes results to Feishu every 30 minutes.

使用说明 (SKILL.md)

compliance-review - 授权通知书合规审核

描述

自动审核客户理赔授权通知书的合规性，支持多保险公司模板配置，审核结果推送至飞书

版本

1.0.0

功能

每 30 分钟自动检查待审核任务
支持多保司定制化通知书模板
谨慎审核策略：仅检测手写签名 + 授权通知书
首次运行自动通过，无需人工干预
审核结果实时推送至飞书
不收集/存储客户个人信息

审核要素

✅ 手写签名检测
✅ 授权通知书存在验证\r

安全使用建议

This skill has plausible functionality, but several inconsistencies merit caution before installing: (1) config.js expects FEISHU_WEBHOOK and FEISHU_CHANNEL_ID but the registry lists no required env vars — confirm what credentials the skill needs and where they will be stored. (2) The code sets up local audit logging with 90-day retention despite SKILL.md claiming no data is stored — ask what exactly is logged (are there PII/claim details?) and whether logs are kept encrypted or accessible to others. (3) config.js includes a loginUrl/reviewPath which implies it will access an external/internal task system; request the index.js (runtime code) to verify how it authenticates and what data it reads/writes. (4) Verify with the publisher whether dependencies are trusted and how/when npm packages will be installed. If you require privacy guarantees, obtain the runtime code (index.js), a data-handling policy, and a list of required env vars/credentials before enabling this skill.

功能分析

Type: OpenClaw Skill Name: compliance-review Version: 1.0.0 The skill bundle contains a 'firstRunAutoApprove' feature documented in SKILL.md and enabled in config.js, which explicitly instructs the AI agent to bypass all compliance checks during its initial execution. This creates a predictable window for unauthorized or non-compliant documents to be processed without oversight. Additionally, the config.js file specifies an insecure HTTP login URL (http://ehis-unity-admin-afweb.psic.com.cn/user/login) for a corporate portal, exposing credentials to potential interception.

能力评估

⚠ Purpose & Capability

The skill purports to check authorization letters and push results to Feishu every 30 minutes — that matches the interval and Feishu push settings found in config.js. However, config.js includes a loginUrl and reviewPath (suggesting it will log into an external/internal task system) and references Feishu webhook/channel environment variables, while the registry metadata lists no required environment variables or credentials. The presence of a login endpoint is not explained by SKILL.md and is inconsistent with the declared requirements.

⚠ Instruction Scope

SKILL.md states the skill 'does not collect/store customer personal information' and describes narrowly-scoped checks (handwritten signature detection and document existence). The code (config.js) enables audit logging to './memory/compliance-audit.jsonl' with 90-day retention, which contradicts the 'no storage' claim. Also SKILL.md does not mention interacting with the loginUrl/reviewPath defined in config.js — that suggests the agent may access an external task system or internal admin UI not described in the instructions.

ℹ Install Mechanism

There is no install spec (instruction-only), but package.json and code files are included. Dependencies are internal-looking names (openclaw-schedule, openclaw-browser, openclaw-vision, openclaw-message) which are plausible for scheduled checks, web automation, vision/OCR, and messaging. No external download URLs are present in the files shown. Because code and npm deps exist but no install instructions are declared in metadata, it's unclear how/when dependencies will be installed — ask the publisher/platform how the runtime environment is prepared.

⚠ Credentials

config.js expects FEISHU_WEBHOOK and FEISHU_CHANNEL_ID via process.env, but the skill metadata declares no required environment variables or primary credential. The config also contains a loginUrl that will likely require credentials or session cookies to access tasks; yet no login credentials or config paths are declared. This mismatch means the skill may require undisclosed secrets to function, or it may attempt to operate against an endpoint without clear authorization handling.

⚠ Persistence & Privilege

The skill requests local persistence: saveAuditLog true, logPath './memory/compliance-audit.jsonl', retentionDays 90. That gives the skill the ability to accumulate audit records over months. Combined with the SKILL.md assertion of not storing personal data, this is a contradiction that should be resolved. The skill does not request elevated platform privileges (always:false), but local log storage is a notable persistence behavior.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install compliance-review
安装完成后，直接呼叫该 Skill 的名称或使用 /compliance-review 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

compliance-review 1.0.0 — 首次发布 - 自动审核理赔授权通知书合规性 - 支持多保险公司定制化模板 - 每 30 分钟检查待审核任务 - 检测手写签名及授权通知书存在 - 审核结果实时推送至飞书 - 无需人工干预，首次自动通过 - 不收集客户个人信息

元数据

Slug compliance-review

版本 1.0.0

许可证 —

累计安装 1

当前安装数 1

历史版本数 1

常见问题