← 返回 Skills 市场
POLICY-MANAGER
作者
erveyNight
· GitHub ↗
· v1.0.0
· MIT-0
123
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install policy-manager
功能描述
保单数据管理 - 创建、读取、更新保单 JSON 文件。当用户选择产品后创建保单,上传材料后更新材料列表和提取数据,口述信息后更新投保数据,确认缴费计划后更新状态。
安全使用建议
This skill is functionally consistent with a policy JSON manager, but there are several concerns you should address before installing: 1) Hard-coded paths: the CLI writes to and reads from /Users/wuaihua/... — change POLICIES_DIR to a safe, configurable location or run in an isolated environment to avoid unexpected file writes. 2) Undeclared environment variable: the script will make network calls if POLICY_API_URL is set; treat that as a powerful switch—do not set it to an untrusted endpoint. 3) SKILL.md mismatch: it mentions 'Requires jq' but the shipped script is Node-based and does not use jq; metadata should be corrected. 4) Review mock-api.json and any local templates before use to avoid processing untrusted test data. 5) Because the skill can write files and optionally call an external API, run it with least privilege (sandbox, restricted network) and inspect/modify the code (scripts/policy-manager.js) to point directories and endpoints to locations you control. If you need to allow autonomous invocation, consider the additional risk that the skill could write/update files or contact an endpoint without manual review.
功能分析
Type: OpenClaw Skill
Name: policy-manager
Version: 1.0.0
The skill bundle provides a Node.js CLI tool (`scripts/policy-manager.js`) and instructions (`SKILL.md`) for managing insurance policy JSON files. It is classified as suspicious because it possesses high-risk capabilities, including outbound network requests (to fetch templates via `POLICY_API_URL`) and direct file system writes. Furthermore, the script contains hardcoded absolute paths to a specific user's local workspace (`/Users/wuaihua/workspaces/insurance-clerk/policies`), which is a risky practice and indicates a lack of environment isolation. While these behaviors are plausibly aligned with the stated purpose of policy management, the combination of network access and local file manipulation without robust path sanitization warrants caution.
能力评估
Purpose & Capability
Name/description (保单数据管理) align with the included script which creates/reads/updates policy JSON files. However there are mismatches: SKILL.md claims 'Requires jq for JSON manipulation' but the shipped CLI is a Node script and does not use jq; the script optionally calls an external API via process.env.POLICY_API_URL even though no environment variables are declared in the skill metadata. These inconsistencies suggest sloppy packaging or incomplete metadata.
Instruction Scope
SKILL.md instructs the agent to create/update/read local JSON policy files and to call material-* subskills for document parsing — this is consistent with the skill purpose. But the instructions and the script both rely on specific local filesystem locations (e.g., paths under /Users/wuaihua/workspaces/insurance-clerk/), and SKILL.md examples use oss:// URIs. The skill will read a local mock-api.json at a hard-coded path if an external API is not configured. Review these file-path assumptions before use.
Install Mechanism
There is no install spec (instruction-only plus a bundled Node script). That lowers install risk because nothing is automatically downloaded or installed from external URLs. The included files are static and local.
Credentials
Skill metadata lists no required environment variables, but the script reads process.env.POLICY_API_URL to call arbitrary endpoints if provided. This is a mismatch: an undeclared env var can change behavior to make external network calls. No credentials are declared, yet the script can be pointed to any baseUrl and will JSON-post/GET to it. The lack of declared env vars means users may not realize this network capability.
Persistence & Privilege
The script writes and updates policy JSON files on disk (creates directory and files). That is expected for a file-management skill. However the path is hard-coded to a user-specific absolute path (/Users/wuaihua/workspaces/insurance-clerk/policies) and the script also reads /Users/wuaihua/workspaces/insurance-clerk/mock-api.json. Hard-coded absolute paths can lead to surprising writes or failures; consider reconfiguring the directory or running in a sandbox.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install policy-manager - 安装完成后,直接呼叫该 Skill 的名称或使用
/policy-manager触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
policy-manager v1.0.0
- Initial release providing core policy JSON file management: creation, update (materials, policy data, status), and reading.
- Integrates with material recognizer and parsing sub-skills to extract and map insured information.
- Enforces strict data integrity: no inferred or generated data, only user or material extraction sources.
- Standardized success/error JSON outputs and comprehensive error handling for all key policy operations.
- Step-by-step workflow instructions with detailed command-line usage examples.
元数据
常见问题
POLICY-MANAGER 是什么?
保单数据管理 - 创建、读取、更新保单 JSON 文件。当用户选择产品后创建保单,上传材料后更新材料列表和提取数据,口述信息后更新投保数据,确认缴费计划后更新状态。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 123 次。
如何安装 POLICY-MANAGER?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install policy-manager」即可一键安装,无需额外配置。
POLICY-MANAGER 是免费的吗?
是的,POLICY-MANAGER 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
POLICY-MANAGER 支持哪些平台?
POLICY-MANAGER 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 POLICY-MANAGER?
由 erveyNight(@erveynight)开发并维护,当前版本 v1.0.0。
推荐 Skills