Scan Report
0/100
guoshun-contract-analyzer
Guoshun Contract Risk Review Skill V2.0 - for exclusive use by Jiangsu Guoshun Intelligent Technology Co., Ltd. (江苏国顺智能科技有限公司). Automatically analyzes engineering contracts (construction subcontracting / goods procurement / intelligent-systems subcontracting) and outputs a structured risk report.
This is a legitimate contract risk analysis skill for a construction company, with clean implementation, documented behavior, and no malicious indicators.
Safe to install
No action needed. The skill is safe to use as designed.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | READ | ✓ Aligned | SKILL.md describes PDF/DOCX upload; scripts/extract_contract.py reads contract f… |
| Network | NONE | NONE | — | No network calls in extract_contract.py |
| Shell | NONE | NONE | — | No subprocess or shell execution in extract_contract.py |
| Environment | NONE | NONE | — | extract_contract.py only uses sys.argv and os.path |
| Skill Invoke | NONE | NONE | — | No skill invocation or LLM manipulation observed |
| Clipboard | NONE | NONE | — | Not used |
| Browser | NONE | NONE | — | Not used |
| Database | NONE | NONE | — | Not used |
File Tree
3 files · 22.9 KB · 648 lines (Markdown: 2 files, 558 lines; Python: 1 file, 90 lines)
├─ references/
│  └─ sample-contracts.md (Markdown)
├─ scripts/
│  └─ extract_contract.py (Python)
└─ SKILL.md (Markdown)
Dependencies (2 items)
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| pdfplumber | * | pip | No | Import-lazy; installed at runtime with user-facing error message if missing |
| python-docx | * | pip | No | Import-lazy; installed at runtime with user-facing error message if missing |
Security Positives
✓ No network requests — extract_contract.py performs zero outbound connections
✓ No shell execution — uses only standard library functions (pdfplumber, python-docx) with on-demand import
✓ Clean code — no obfuscation, base64, or eval patterns
✓ Full documentation in SKILL.md with 360 lines covering all functionality
✓ No credential access — does not read .env, ~/.ssh, or environment variables
✓ No persistence mechanisms — no cron jobs, startup hooks, or backdoors
✓ Files are reference data and legitimate contract analysis code, no data exfiltration
✓ No supply chain risks — dependencies (pdfplumber, python-docx) are well-known, pinned packages