Terms Of Service
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a benign terms-of-service generator, with minor notes that it bundles shell scripts despite no install spec and one helper stores local command history/data.
This skill looks safe for generating draft Terms of Service text, but treat the output as legal boilerplate and review it with a lawyer. If you use the bundled shell commands, check which script runs and remember that one helper may save inputs locally.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may not know exactly how the bundled command is installed or which script is intended to run.
The artifacts include executable shell scripts and SKILL.md references a CLI command, but the install mechanism is not declared. The visible scripts are not inherently unsafe, so this is an under-declaration note rather than a concern.
No install spec — this is an instruction-only skill. Code file presence: 2 code file(s): scripts/script.sh; scripts/tos.sh
Before using the CLI, inspect which bundled script is invoked and prefer skills with a clear install or execution path.
If sensitive company details, emails, or draft terms are entered into that helper, they may remain in local files.
The helper script creates a local data directory and persists command history or added entries. This is local-only in the provided artifacts, but users should know their inputs may be stored.
DATA_DIR="${TERMS_OF_SERVICE_DIR:-${XDG_DATA_HOME:-$HOME/.local/share}/terms-of-service}" ... _log() { echo "$(date '+%m-%d %H:%M') $1: $2" >> "$DATA_DIR/history.log"; } ... cmd_add() { echo "$(date +%Y-%m-%d) $*" >> "$DB"; }Avoid entering secrets or sensitive legal/business information into the generic helper commands, or set TERMS_OF_SERVICE_DIR to a controlled location and delete the files when no longer needed.