Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Founder Legal Copilot
v1.0.0Legal copilot that guides founders from incorporation to exit with 27 legal deliverables across 5 startup phases
⭐ 0· 69·0 current·0 all-time
byDanillo Costa@danillo7
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The skill claims to be a legal copilot that generates SAFEs, reviews contracts, performs health checks, and runs live due diligence. The SKILL.md and config.json request inference (Friendli.ai / Contextual AI), live scraping (Apify), PII scrubbing (Civic), and persistent memory (Redis) which are all coherent with the stated features. However, the registry metadata reported 'Required env vars: none' and 'Primary credential: none' while SKILL.md explicitly lists several required keys — this mismatch is an integrity concern (likely manifest omission).
Instruction Scope
The SKILL.md instructions stay within the stated legal-due-diligence/generator/reviewer scope: parse documents, scrub PII, perform RAG grounding, call Apify actors for public records, and store session/deal history in Redis. There are no instructions to read arbitrary local system files or to exfiltrate data to opaque endpoints. Notable behaviors: (1) Civic plugin is used to scrub PII before inference, and (2) Apify is used to scrape PACER/EDGAR/state corp records — both network actions that involve sending data off-host and may return sensitive findings. The skill will collect and persist deal-related data in Redis (expected for memory) — be mindful of what you allow it to store.
Install Mechanism
This is an instruction-only skill with no install spec or code files — lowest install risk. It does instruct installing OpenClaw plugins (redis-agent-memory, civic-nexus) and adding an Apify MCP server; those are standard platform plugin operations rather than arbitrary downloads or extracted archives.
Credentials
SKILL.md requires multiple credentials: FRIENDLIAI_API_KEY, CONTEXTUAL_AI_API_KEY, APIFY_API_TOKEN, REDIS_URL, CIVIC_CLIENT_ID, plus optional ELEVENLABS_API_KEY. Those keys map to the skill's features and are proportionate in purpose. The concern is twofold: (1) the published registry metadata lists no required env vars (a mismatch that could mislead users or automated policy checks), and (2) providing these credentials grants the skill live access to external inference, scraping, and persistent storage — sensitive privileges that should be scoped and audited (use least-privileged keys, rate/cost controls, and separate test accounts).
Persistence & Privilege
The skill does not request 'always: true' and is user-invocable (normal). It uses Redis for session/deal memory (config.json indicates TTL ~90 days and a namespace). Persistent storage of deal documents and diligence reports is expected for this use case, but you should confirm retention policy, access controls, and whether memory is encrypted. Autonomous invocation is allowed by default on the platform — combined with live API keys and persistent memory this increases blast radius if keys are leaked or the agent behaves unexpectedly; this is a caution rather than a definitive vulnerability.
Scan Findings in Context
[NO_CODE_SCAN] expected: The package is instruction-only (no code files) so the regex-based scanner had nothing to analyze. SKILL.md and config.json are the primary surface for risk analysis.
What to consider before installing
Key things to check before installing or enabling this skill:
1) Manifest mismatch: SKILL.md lists several required environment variables (Friendli.ai/Contextual AI/Apify/Redis/Civic) but the published registry metadata claims none. Do not assume you can use the skill without providing keys — verify the manifest and ask the publisher to fix registry metadata.
2) Use least-privileged, dedicated credentials: provide scoped or test API keys (not org-wide or admin secrets). For Redis, use a separate namespace and rotate credentials. For Apify, be aware of rate limits and potential costs.
3) Verify PII handling: the skill claims to scrub PII via the Civic plugin before sending to inference — test and validate that scrubber, and avoid sending privileged or attorney-client materials through the system until you confirm scrubbing behavior.
4) Data retention & access: confirm how long Redis stores data (config.json references TTL), whether data is encrypted at rest/in transit, who can access it, and how to purge session data.
5) External scraping & legal/financial implications: Apify actors are used to query PACER, state filings, etc. Scraping PACER or other paid services may require credentials/fees and could be rate-limited or subject to terms of service — confirm legal/compliance aspects before automated scraping.
6) Provider endpoints and trust: the skill references third-party providers (friendli.ai, contextual.ai, apify). Verify these endpoints, their privacy policies, and that you trust them with extracted contract content or diligence data.
7) Legal disclaimers and licensing: the skill provides templates and claims grounding in YC/NVCA/Orrick templates — verify template provenance and license before using drafts in transactions; always have a licensed attorney review final documents.
If you decide to proceed, start with a test account and dummy data, audit network calls and logs, and only escalate to production credentials after verifying the above items. If possible, ask the publisher to correct the registry metadata so automation and policy checks reflect the actual runtime requirements.Like a lobster shell, security has layers — review code before you run it.
latestvk974evxfp4v0kff17pbqw5fgjs83jmbs
License
MIT-0
Free to use, modify, and redistribute. No attribution required.