tender-similarity-analyzer

提供本地多文档投标文件交叉查重，精确到段落，支持标题过滤、短段合并，输出可视化HTML相似度报告。

Key things to consider before installing or running this skill: - Review scripts/main.py (not fully shown) to see whether default operation is read-only and whether any command-line flags enable writing back to documents or auto-installation. Do not run the skill on your real documents until you confirm behavior. - The repository contains an auto-install helper (scripts/check_dependencies.py) that runs pip via subprocess.run. Avoid using the skill's AI-driven '安装依赖' auto-install option; instead install dependencies yourself in a controlled virtualenv or container so you can review network activity and package versions. - Although SKILL.md promises network isolation, the codebase may still cause network activity indirectly (pip install, sentence-transformers model downloads). If you require strict offline operation, run the tool in an isolated environment with networking disabled and pre-install dependencies. - The code includes a FormatPreservingEditor with replace/save methods and EditHistory.save_to_file. Even if the default UI promises only suggestions, the code can modify and save documents. Run the tool on copies of documents and verify any 'apply changes' workflow requires explicit user confirmation. - Inspect scripts/security/network_isolator.py and sandbox.py to see how network isolation is implemented and whether it actually prevents subprocess pip installs or model downloads. If those modules are not robust, assume network calls may occur. - If you will allow the skill to run autonomously, reduce risk by restricting agent capabilities (disable auto-install, require user invocation for any file-write actions) and run in a sandbox/container. Additional useful checks that would increase confidence: a full review of scripts/main.py to confirm default modes, the contents of scripts/security/* to verify isolation, and runtime tests (in an isolated environment) to observe whether any outbound network traffic occurs during dependency installation or model loading.

Type: OpenClaw Skill Name: tender-similarity-analyzer Version: 2.1.0 The tender-similarity-analyzer is a legitimate tool for local document plagiarism detection. It features a robust security architecture, including a NetworkIsolator (scripts/security/network_isolator.py) that monkey-patches the socket module and common HTTP libraries (requests, urllib, httpx) to enforce zero-outbound data policies. It also includes a SandboxEnforcer (scripts/security/sandbox.py) to mitigate environment-based attacks and an AuditLogger that avoids recording sensitive content. While it uses subprocess for dependency installation in scripts/check_dependencies.py, this behavior is transparently documented and aligned with its functional requirements.