contract-redline-navigator

Pass

Audited by ClawScan on May 1, 2026.

Overview

This appears to be a coherent local contract comparison helper; the main thing to notice is that its script reads user-provided contract files and writes a diff file.

This skill looks safe for its stated purpose. Before installing or using it, remember that contract drafts may contain confidential information; provide only documents you are allowed to analyze and check where the diff output will be written.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used with the wrong file paths, the skill could process unintended local documents or overwrite an existing diff file.

Why it was flagged

The helper script reads two local files specified by path and writes a Markdown diff output. This is purpose-aligned for contract redlining, but the chosen paths determine what local contract data is read and whether an output file is created or overwritten.

Skill content

ap.add_argument("old_file")
ap.add_argument("new_file")
ap.add_argument("--out", default="contract_diff.md")
...
open(args.out, "w", encoding="utf-8").write(content)

Recommendation

Use explicit input files, review the output path before running the script, and avoid providing contracts you are not authorized to analyze.