← 返回 Skills 市场
137
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install normieclaw-legal-docs-pro
功能描述
Your landlord just sent a 12-page lease renewal and you have no idea what half the clauses mean. Or you need an NDA for a freelancer by tomorrow and LegalZoo...
安全使用建议
What to consider before installing:
- Data storage: The skill stores your business profile (including EIN, addresses, emails) in plaintext under the skill's config/data directories and will auto-save generated documents and contract-review copies to local folders (data/documents, data/reviews) and the local dashboard tables. If you don’t want that behavior, inspect or edit SKILL.md and scripts to disable autosave or remove sensitive fields before using.
- Model data exposure: Contract text you paste into the agent is processed by the underlying AI provider. Review your AI provider's privacy/data-handling policies before sending highly confidential material (M&A, litigation, proprietary trade secrets). The skill’s SECURITY.md correctly calls this out.
- Scripts to review: The package includes shell scripts (setup.sh, export-doc.sh, contract-scan.sh). contract-scan.sh is benign and only extracts text and optionally saves a local copy; export-doc.sh and setup.sh contents should be reviewed before execution to ensure they don't perform unexpected network operations. Do not run scripts you haven't inspected.
- Required tools: PDF/.docx extraction and PDF export rely on external tools (poppler/pdftotext, pandoc, textutil). Install these from trusted package managers if needed; the scripts fail safely if absent.
- File permissions & isolation: After setup, restrict access to the skill data directory (chmod 700 config/ or the whole skill directory) and consider running the skill on a machine you control. If you want extra safety, run first use in an isolated environment (VM) and verify file writes.
- When in doubt: Do not paste highly sensitive contracts or tax IDs until you’ve inspected setup.sh and export-doc.sh for network calls, and confirm you are comfortable with local storage behavior. If you need absolute confidentiality, consult a licensed attorney rather than relying solely on AI-generated reviews.
功能分析
Type: OpenClaw Skill
Name: normieclaw-legal-docs-pro
Version: 1.0.3
Legal Docs Pro is a legal document generation and review tool that handles sensitive business information, including EINs and contract details. It is classified as suspicious due to shell injection vulnerabilities in `scripts/setup.sh` and `scripts/contract-scan.sh`, where user-provided inputs (such as business names or filenames) are directly interpolated into Python command strings executed via the shell. While these scripts and the collection of business data in `config/settings.json` are plausibly necessary for the tool's stated purpose, the insecure implementation and the handling of sensitive identifiers pose a risk of arbitrary code execution and data exposure.
能力评估
Purpose & Capability
The name/description (legal document generation, review, explanations) matches the files and instructions. Required resources are local files and optional helper binaries (pandoc, pdftotext) referenced by scripts — these are reasonable for PDF/text extraction and export. No unrelated credentials, network endpoints, or external cloud APIs are requested in the package metadata.
Instruction Scope
SKILL.md explicitly instructs the agent to read and update config/settings.json (business profile) for every session, auto-populate documents from that profile, and save generated documents/reviews to local data directories and dashboard tables. This is consistent with the purpose, but it implies automatic local persistence of sensitive fields (EIN, contact info) and automatic saving of reviewed/uploaded contract text unless the user opts out or the agent is told not to save.
Install Mechanism
No remote download/install is required — this is an instruction-and-script bundle. The included shell scripts rely on standard third-party CLI tools (pdftotext/poppler, pandoc, textutil, python3) for extraction/export. That is moderate dependency usage but not unexpected; there are no obscure URLs, extract steps, or remote installers in the provided files.
Credentials
No environment variables or external credentials are requested (proportional). However, the skill stores PII/PII-adjacent data (EIN, addresses, emails, contract text) in plaintext under its config/data directories by design. The SKILL.md and SECURITY.md acknowledge that AI provider processing of conversation content may send data to the model provider — users should be aware conversation contents (including pasted contracts) may leave their machine depending on the underlying AI provider.
Persistence & Privilege
always:false and no requests to alter other skills or system-wide settings. The skill writes its own data (data/documents, data/reviews, ld_* dashboard tables) and uses its own config directory. This level of local persistence is expected for a document management tool and is within the skill's stated scope.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install normieclaw-legal-docs-pro - 安装完成后,直接呼叫该 Skill 的名称或使用
/normieclaw-legal-docs-pro触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.3
v1.0.3: Security fixes: confined scripts to skill directory, removed filesystem traversal from setup
v1.0.2
v1.0.2: MIT license, cleaned descriptions, removed cross-sell
v1.0.0
Initial publish from NormieClaw.ai — Free OpenClaw skills for everyone.
元数据
常见问题
Legal Docs Pro 是什么?
Your landlord just sent a 12-page lease renewal and you have no idea what half the clauses mean. Or you need an NDA for a freelancer by tomorrow and LegalZoo... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 137 次。
如何安装 Legal Docs Pro?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install normieclaw-legal-docs-pro」即可一键安装,无需额外配置。
Legal Docs Pro 是免费的吗?
是的,Legal Docs Pro 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Legal Docs Pro 支持哪些平台?
Legal Docs Pro 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Legal Docs Pro?
由 Nollio(@nollio)开发并维护,当前版本 v1.0.3。
推荐 Skills