Skill v1.0.0

ClawScan security

Moot Court AI · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 19, 2026, 6:25 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's stated purpose (a Lobster-orchestrated 4-agent moot court) is plausible, but the package is instruction-only and missing the referenced Lobster workflow and concrete runtime artifacts, and its instructions are vague about what local files the agent will read or require. Verify before installing or supplying API keys.
Guidance
This skill is plausible but incomplete. Before installing or providing API keys: (1) confirm the referenced 'moot-court.lobster' workflow exists and inspect it (the skill bundle does not include it); (2) verify the GitHub homepage and author to ensure the workflow is legitimate; (3) understand what local files the agents will read — do not place secrets in case files; (4) limit the API keys’ permissions or use dedicated/test keys for DeepSeek/DashScope; (5) run the skill in an isolated environment if you must test it. If the maintainer can supply the missing lobster workflow and a clear runbook, re-evaluate; otherwise treat this package as incomplete and proceed cautiously.

Review Dimensions

Purpose & Capability
concern: Name/description describe a Lobster-orchestrated 4-agent simulation and require openclaw + lobster binaries and two model API keys, which is coherent; however the SKILL.md references running a 'moot-court.lobster' workflow and deterministic Lobster orchestration while no workflow file or runtime artifacts are included in the skill bundle. That omission makes the skill incomplete and undermines the claim it will provide the orchestration.
Instruction Scope
note: Instructions expect the user to prepare case files and 'initialize materials into agent workspaces', then run the lobster workflow. This reasonably implies the agent will read user-supplied files (case briefs, complaints, evidence). The instructions are otherwise high-level and do not ask for unrelated system data, but they are vague about where the lobster file comes from and how agent workspaces are populated.
Install Mechanism
ok: There is no install script (instruction-only), so nothing is written to disk by the skill itself. This is low-risk from an install perspective, but it increases reliance on external files and binaries being present and correct.
Credentials
ok: The two required env vars (DEEPSEEK_API_KEY, DASHSCOPE_API_KEY) match the declared model stack (DeepSeek and a DashScope-compatible Qwen endpoint). Requesting two model keys is proportionate to a multi-model orchestration; no unrelated credentials are requested.
Persistence & Privilege
ok: The skill does not request always: true and declares no config paths. Autonomous invocation is allowed (default) but not combined with elevated persistence or cross-skill config changes.