法务助手(Legal Assistant)

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed legal workflow assistant with sensitive but expected contract-review and ledger-support functions, and no executable or hidden behavior found.

Install only if you intend to use this with contract and legal-operation data. Limit Feishu, Hermes Agent, knowledge-base, archive, and ledger permissions to authorized users; require human review before binding legal advice, external replies, final approvals, ledger writes, or seal/signature workflows; and use test data or desensitized examples outside production.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 91%
Finding
The skill advertises broad end-to-end legal capabilities, including review, advice, approval-draft generation, and ledger maintenance, without clear activation constraints, permission checks, or explicit negative examples of disallowed use. In a legal workflow, this can cause users or downstream agents to over-trust the skill and invoke it for high-risk actions beyond safe advisory boundaries, increasing the chance of unauthorized legal decision support or operational side effects.

Missing User Warnings

Medium
Confidence: 95%
Finding
The description says the skill completes a full contract/legal closed loop including contract ledger updates, but it does not prominently warn users that records may be modified or reminder tasks created. Because contract ledgers are systems of record, ambiguous automation can lead to unauthorized data changes, incorrect compliance tracking, or workflow actions taken without informed user consent.

Missing User Warnings

Medium
Confidence: 97%
Finding
The workflow explicitly states that contract ledger data is automatically extracted and entered after prescreening or circulation, but it does not define approval gates, confirmation prompts, or safeguards against writing incorrect or sensitive data. In a legal operations context, automatic entry can corrupt contractual records, trigger erroneous reminders, or create compliance and audit issues if the extracted fields are wrong or the action is unauthorized.

VirusTotal

65/65 vendors flagged this skill as clean.
