← 返回 Skills 市场

Shuzhi Open

Name: Shuzhi Open
Author: alex098929

作者 alex098929 · GitHub ↗ · v1.0.3 · MIT-0

cross-platform ⚠ suspicious

159

总下载

当前安装

版本数

在 OpenClaw 中安装

/install shuzhi-open

功能描述

数秦开放平台统一接口封装，支持区块链API服务、自动化取证、保管单组件、电子签章

安全使用建议

This skill appears to implement what it claims, but it will upload user files and personally identifying information to the configured baseUrl using the appKey/appSecret stored in config.json. Before installing or running: 1) Verify the baseUrl (domain) and that the appKey/appSecret are issued by a trusted provider; do not use production credentials against unknown endpoints. 2) Treat config.json as secret (store securely, restrict permissions). 3) Expect contract PDFs and personal ID numbers to be transmitted — only proceed if you trust the service and the legal/regulatory implications. 4) If you need higher assurance, review the omitted lib/* files (auth.js, client.js, modules/*) to confirm there is no unexpected telemetry, hard-coded remote endpoints, or secret exfiltration. 5) Run the scripts in an isolated environment and avoid running with elevated system privileges.

功能分析

Type: OpenClaw Skill Name: shuzhi-open Version: 1.0.3 The shuzhi-open skill bundle is a legitimate integration for the ShuQin Open Platform, providing wrappers for blockchain存证 (blockchain evidence), automated forensics, and electronic signatures. The code implements standard HMAC-SHA256 authentication (lib/auth.js) and provides well-structured modules and CLI scripts for interacting with the platform's APIs. Notably, the SKILL.md instructions include strong safety guidelines for the AI agent, explicitly forbidding the auto-filling of sensitive legal or personal data and requiring mandatory user confirmation for all critical fields. No evidence of malicious intent, data exfiltration, or unauthorized execution was found.

能力评估

✓ Purpose & Capability

The name/description (区块链上链、自动化取证、保管单、电子签章) match the included scripts and modules: chain, evidence, certificate, sign. The code requires a config.json with baseUrl/appKey/appSecret and per-product IDs, which is consistent with a remote API client. No unrelated credentials or binaries are requested.

ℹ Instruction Scope

SKILL.md explicitly instructs interactive collection of user data and to avoid autofill. The runtime scripts read local files provided by the user (contract PDFs, params JSON), read config.json, upload files (base64) and submit personally identifying information (names, ID numbers, mobiles) to the remote API. These actions are consistent with the stated workflows but do result in file and PII transmission to the configured service. Scripts also write a last-download-link.txt and create output files when downloading signed PDFs.

✓ Install Mechanism

No install spec is present (instruction-and-code bundle). That is lower-risk than arbitrary network installs. The package is plain Node.js scripts; there is no evidence of downloads from untrusted URLs in the provided manifest. (Full contents of some lib files were truncated in the review; no install behavior was seen.)

ℹ Credentials

The skill does not request environment variables; instead it stores credentials in config.json (appKey/appSecret and product IDs). That is proportionate to a client for a remote service. However the skill expects and transmits highly sensitive fields (ID cards, phone numbers, contract files, file contents), so users must ensure the configured baseUrl and app credentials belong to a trusted provider and protect config.json accordingly.

✓ Persistence & Privilege

The skill is not always-enabled and uses normal autonomous invocation behavior. It does not request system-level persistence or modify other skills. It writes outputs (downloaded files, last-download-link.txt) only in the working directory — expected for its functionality.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install shuzhi-open
安装完成后，直接呼叫该 Skill 的名称或使用 /shuzhi-open 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.3

shuzhi-open 1.0.3 - 优化电子签章交互式流程描述：更详细地说明签署方数量和信息收集顺序。 - 明确支持签署方总数最多6个，区分企业/个人填写模板。 - 优化信息收集指引，新增按序号填写企业方/个人方信息示例。 - 补充命令行与信息收集细节，避免遗漏签署方数据。 - 其他文本结构微调，提升指导清晰度与可操作性。

v1.0.2

- 移除 scripts/sign/workflow-interactive.js，取消交互式电子签章脚本。 - 相关文档更新，推荐统一通过 workflow.js 支持 AI 助手或终端输入的信息收集方式。 - 交互式签章流程说明调整为聚焦 workflow.js，用法更清晰。 - 其他原有功能与配置方式保持不变。

v1.0.1

- Initial release. - Provides unified interface encapsulation for 数秦开放平台. - Supports blockchain API services, automated evidence collection, certificate PDF components, and electronic contract signing. - Strictly requires users to provide and confirm all significant information; auto-filling or guessing values is strictly prohibited. - Detailed guidance and interactive workflow instructions included for each function.

v1.0.0

shuzhi-open v1.0.0 - Initial release providing unified interface encapsulation for Shuzhi Open Platform. - Supports blockchain API services, automated evidence collection, custody certificate module, and electronic signature. - Emphasizes the principle: all uncertain or legally effective information must be explicitly confirmed with the user—no auto-filling or assumptions allowed. - Includes command-line scripts and interactive workflows for all supported business scenarios (blockchain, evidence, certificate, sign). - Extensive documentation for user-driven data collection and strict input requirement explanations. - Ensures compliance for workflows involving legally effective documents, with clear prompts for each necessary user input.

元数据

Slug shuzhi-open

版本 1.0.3

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 4

常见问题

Shuzhi Open 是什么？

数秦开放平台统一接口封装，支持区块链API服务、自动化取证、保管单组件、电子签章. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 159 次。

如何安装 Shuzhi Open？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install shuzhi-open」即可一键安装，无需额外配置。

Shuzhi Open 是免费的吗？

是的，Shuzhi Open 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Shuzhi Open 支持哪些平台？

Shuzhi Open 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Shuzhi Open？

由 alex098929（@alex098929）开发并维护，当前版本 v1.0.3。