← 返回 Skills 市场
haoleizhang

RiskShield案件审批自动化

作者 haoleizhang · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
65
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install riskshield
功能描述
RiskShield 案件审批自动化。使用 Playwright 浏览器自动化完成审批,支持 Pass/Refuse 两种操作。
安全使用建议
Things to consider before installing or running this skill: - Inspect secrets: The SKILL.md and multiple scripts include hard-coded credentials (usernames like 'alan.zhang' and a password shown) and the package contains token.json. Do not run these scripts with real or privileged accounts. Remove or rotate any baked-in credentials and delete token.json if it contains real tokens. - Expect npm installs: The README tells you to run npm install/playwright; that will pull code from npm (playwright). The registry metadata did not list an install step — treat that as a mismatch. Run installs in an isolated environment (container or VM) if you must test. - Audit network activity: Scripts make HTTPS requests to riskshield.dcsuat.com and perform actions (approve/refuse). Only run in a test/staging environment where automatic approvals are acceptable. Running against production could perform destructive or unauthorized actions. - Review all bundled files: The skill ships 100+ scripts and helper shells; some call an 'agent-browser' CLI. Verify each script you plan to run; don't execute arbitrary .js/.sh files blindly. - Secrets handling: Prefer passing credentials via environment variables or secure credential stores rather than hard-coding. If you need to use this skill, replace embedded credentials with a safe configuration mechanism and ensure token.json is stored securely or regenerated. - If uncertain, run in a sandbox: Use an isolated container or disposable VM and a test account on the target system. If you want a safer alternative, request a minimal skill that uses explicit credentials (declared in metadata) and a clear install spec.
功能分析
Type: OpenClaw Skill Name: riskshield Version: 1.0.0 The skill bundle is a collection of automation and debugging scripts designed to interact with the RiskShield case approval system at riskshield.dcsuat.com. It utilizes Playwright for browser automation and direct HTTPS requests for API interactions. While the bundle contains hardcoded credentials (e.g., in SKILL.md and scripts/risk_approve.js) and scripts that extract session tokens and cookies for debugging (e.g., scripts/extract_session.js), these behaviors are consistent with the stated purpose of automating a complex web-based business process. There is no evidence of data exfiltration to third-party domains, malicious persistence, or prompt injection attempts against the OpenClaw agent.
能力标签
requires-oauth-tokenrequires-sensitive-credentials
能力评估
Purpose & Capability
Name/description (RiskShield approval automation) match the included scripts: many Playwright and shell helper scripts that log in and click '审批' to Pass/Refuse cases on riskshield.dcsuat.com. However metadata claimed 'instruction-only' / no install spec while the package includes 100+ executable scripts and a package.json — that mismatch is unexpected. The SKILL.md and many scripts also embed hard-coded credentials (password shown) and reference a local token.json; those are not declared as required credentials.
Instruction Scope
Runtime instructions ask you to npm install Playwright and run node scripts in ~/.openclaw/workspace/skills/riskshield/scripts. The scripts will: perform logins using embedded credentials, call site APIs (HTTPS requests), read/write token.json, save screenshots/logs to /tmp, and some bash helpers invoke an 'agent-browser' CLI. The SKILL.md does not instruct reading unrelated system files, but it does instruct installing packages and executing many bundled scripts — giving broad runtime discretion. The presence of embedded credentials and token.json increases the risk of unintended credential reuse/exposure.
Install Mechanism
No formal install spec is declared, but SKILL.md directs npm install playwright and npx playwright install (which will download packages from npm). The code bundle itself is shipped with the skill (many JS and shell scripts) and will be executed locally. There are no downloads from unknown hosts in the provided files, but the implicit npm install step is not surfaced in registry metadata (mismatch).
Credentials
The skill declares no required env vars or primary credential, yet the SKILL.md and multiple scripts include hard-coded usernames and the password 'ZIdongshenpi1.' and reference token.json (included in the package). That is inconsistent: a networked automation tool that needs login tokens should declare credential handling rather than embedding secrets. token.json may contain session tokens — shipping credentials/tokens in the skill package is a secrecy risk. The number of files and potential to write logs/screenshots to /tmp also increases data footprint.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It stores/reads token.json inside its own workspace and writes temporary logs/screenshots under /tmp — normal for a local automation tool. Autonomous invocation is allowed (platform default) but is not combined with other high privileges in metadata.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install riskshield
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /riskshield 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of RiskShield approval automation skill. - Automates RiskShield case approval using Playwright for browser automation. - Supports both "Pass" (with customizable credit amount) and "Refuse" (with selectable refuse code) actions. - Automatically verifies approval results and updates case status. - Runs in headless (background) mode without affecting other work. - Command-line usage with parameter options for case number, operation, refuse code, and approval amount.
元数据
Slug riskshield
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

RiskShield案件审批自动化 是什么?

RiskShield 案件审批自动化。使用 Playwright 浏览器自动化完成审批,支持 Pass/Refuse 两种操作。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 65 次。

如何安装 RiskShield案件审批自动化?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install riskshield」即可一键安装,无需额外配置。

RiskShield案件审批自动化 是免费的吗?

是的,RiskShield案件审批自动化 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

RiskShield案件审批自动化 支持哪些平台?

RiskShield案件审批自动化 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 RiskShield案件审批自动化?

由 haoleizhang(@haoleizhang)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论