Skill v1.0.0

ClawScan security

Lawsuit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 8, 2026, 7:04 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's lofty claims about automated filing, mass ingestion, and API integration are not supported by any concrete instructions, credentials, or install requirements — the design is vague and disproportionate to what it requests.
Guidance
This skill reads like an architectural manifesto rather than an actionable integration. Before installing or enabling it, ask the author for concrete details: which court docket APIs and endpoints will be used, what credentials are required (and why), what data sources will be ingested, and what precise actions the agent may perform autonomously. Do not provide broad credentials or sensitive document access until you have a version that lists explicit env vars, required endpoints, and a minimal set of permissions. Prefer a staged approach: (1) a non-autonomous, read-only test mode with sample data; (2) explicit confirmation steps before any filing or external network call; and (3) an auditable log of all actions. If the author cannot justify the missing credentials/endpoints or refuses to limit autonomous filing, treat the skill as unsafe to run with real data or credentials.

Review Dimensions

Purpose & Capability
concern
Name/description promise: end-to-end autonomous litigation (automated filing, discovery ingestion, ZK proofs, jurisdiction routing). Reality: instruction-only SKILL.md with high-level architecture but no concrete requirements (no API endpoints, no required credentials, no data sources). A capability that needs court docket APIs, evidence stores, or ZK tooling would normally declare credentials, endpoints, or install steps; this skill declares none, which is incoherent.
Instruction Scope
concern
The SKILL.md is abstract and grants broad, open-ended authority (mass 'recursive ingestion of millions of artifacts', 'automated filing via API-integrated court dockets') but does not specify which files, paths, or network endpoints to use, nor any constraints or approvals. Vague instructions like this can lead an agent to over-collect data or attempt network actions without clear limits.
Install Mechanism
ok
No install spec and no code files — lowest install risk. Nothing will be automatically downloaded or written to disk by the skill as provided.
Credentials
concern
The skill declares no required environment variables or credentials, yet its functionality (API-integrated filing, discovery ingestion, ZK-proofing) would realistically require access tokens, service endpoints, storage, and possibly privileged data. The absence of declared credentials is disproportionate and unexplained.
Persistence & Privilege
note
always:false (normal) and model invocation is allowed (default). Autonomous invocation is the platform default; by itself this is not a red flag, but combined with the skill's vague authority to perform filings and massive ingestion it raises the potential blast radius if later coupled with credentials or implementation changes.