zhihe-legal-research

Warn

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: MEDIUM (DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [DATA_EXFILTRATION]: The skill collects user phone numbers and legal queries, transmitting them to a remote API at fc-openresearch-qzquocekez.cn-shanghai.fcapp.run for authentication and research purposes.
  • [DATA_EXFILTRATION]: Multiple scripts access and manipulate sensitive files outside the skill's own directory, including ~/.zhihe-legal-research/config and ~/.openclaw/.env, to read or migrate authentication tokens.
  • [COMMAND_EXECUTION]: The skill uses python3 -c to dynamically process user-provided strings and generate filenames at runtime within scripts/research.sh and scripts/monitor.sh.
  • [COMMAND_EXECUTION]: Shell scripts utilize sed -i to programmatically modify configuration files containing authentication tokens.
  • [EXTERNAL_DOWNLOADS]: The skill downloads legal research reports (docx files) from external URLs provided by the remote API during the archiving process.
  • [PROMPT_INJECTION]: The skill processes and displays research results from an external API, creating a surface for indirect prompt injection.
      • Ingestion points: scripts/research.sh and scripts/monitor.sh ingest text_result and report content from API responses.
      • Boundary markers: None observed in the processing of external API data.
      • Capability inventory: Subprocess execution (curl, python3, sed), file system operations (mkdir, rm, chmod), and network access via curl.
      • Sanitization: Python scripts are used to sanitize filenames, but no sanitization is applied to the textual research results displayed to the user.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 23, 2026, 02:16 AM