Back to plugin

Security audit

Legal Data Plugin for OpenClaw

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed legal-data MCP plugin that uses a Cleo API key and remote legal lookup tools, with no evidence of hidden execution, exfiltration, or destructive behavior.

Install only if you are comfortable sending legal, customs, sanctions, or compliance queries to Cleo Legal's remote MCP service using a Cleo API key. Review where the setup stores the key, especially if you choose to place it in your shell profile, and treat the returned legal/compliance output as advisory rather than a substitute for a licensed professional.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • YARA SignaturesMalware Match, Webshell Match, Cryptominer Match
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Vague Triggers

Medium
Confidence
85% confidence
Finding
The skill description uses broad activation language such as 'use whenever the user asks' and includes open-ended legal/regulatory requests across many jurisdictions. This can cause the agent to invoke the skill for loosely related research queries, increasing the chance of unnecessary external data access, over-reliance on one source, or misrouting non-legal prompts into a legal workflow.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The catch-all trigger 'Any question that benefits from grounded legal citations' is ambiguous and significantly broadens invocation scope. In practice, many compliance, product, audit, or general advisory prompts could match this phrase, causing unintended activation and potentially leading the agent to present legal-source-backed output where the user did not request legal analysis.

YARA rule 'agent_skill_mcp_tool_poisoning_metadata': MCP/tool metadata poisoning indicators in tool schemas or skill manifests [agent_skills]

High
Category
YARA Match
Content
---
name: customs-hs-classifier
description: Classify products into HS, TN VED, CN8, or HTS tariff codes from a description in any language (RU, ZH, AR, EN, FR, …). Returns top candidates with confidence + customs rationale. Use when the user has a product and needs the import/export code, asks "what HS code for X?", "TN VED for Y", or wants to figure out customs duties.
version: 1.0.0
metadata:
  openclaw:
Confidence
80% confidence
Finding
description:; description:; description:; description:; description: "石材切割机", country: "RU", system:; description>" (system:

Vague Triggers

Medium
Confidence
88% confidence
Finding
The manifest description includes a wide range of generic trigger terms such as 'AML', 'screening', 'embargoes', and natural-language phrasings like 'is X sanctioned by Y?'. In an agentic routing system, overly broad triggers can cause the skill to be invoked for loosely related legal, geopolitical, or compliance queries, increasing the chance of inappropriate data handling, user confusion, or incorrect reliance on a sanctions workflow where it does not fit.

VirusTotal

61/61 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.