
Security audit

Civil Judgment Taiwan Vectorstore

Security checks across malware telemetry and agentic risk

Overview

This skill performs a disclosed judgment-ingestion workflow, but users should understand its metadata limitation and where their document text is sent.

Install only if you intend to ingest these judgment files into Qdrant. Keep Ollama and Qdrant on localhost or trusted infrastructure, avoid mixed FJUD/FINT folders if metadata accuracy matters, and use the --rebuild helper only when you are comfortable recreating that Qdrant collection.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium (95% confidence)

Finding: The documentation promises ingestion of Taiwan civil judgments only, but later states that FINT files will also be ingested if present, merely mislabeled as FJUD. This is a scope-integrity problem that can lead to ingestion of unintended datasets, metadata corruption, and downstream retrieval or compliance errors because non-civil content is silently mixed into the collection.

Intent-Code Divergence

Medium (96% confidence)

Finding: The top-level skill description asserts a civil-only scope, but the later admission that FINT files are still processed contradicts that guarantee. In a data-ingestion skill, misleading scope statements are security-relevant because users may rely on them to maintain dataset boundaries, and silent cross-scope ingestion can contaminate indexes and expose data outside the intended classification.

Missing User Warnings

Medium (80% confidence)

Finding: Reasoning snippets from court judgments are sent over HTTP to the configured Ollama endpoint without enforcing localhost-only usage, TLS, or any explicit trust boundary checks. If operators point `--ollama` to a remote or insecure host, potentially sensitive legal text may be disclosed to another service or intercepted in transit.

VirusTotal

66/66 vendors flagged this skill as clean.