Founder Legal Copilot

Security checks across malware telemetry and agentic risk

Overview

The skill is not clearly malicious, but it should be reviewed because it can investigate people and companies, transmit sensitive legal identifiers to third-party services, and retain legal deal data.

Review before installing or using on real matters. Use least-privileged API keys and a secured Redis instance, and avoid entering privileged legal documents, EINs, or personal background data unless you have authority to share them with the listed providers. Do not use the key-hire diligence output for employment or adverse decisions without qualified legal review and independent verification.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
This prompt explicitly directs collection of personal background, bankruptcy, sanctions, and employment-history data on individuals such as key hires and officers. Even if sourced from public records, aggregating and synthesizing this data creates privacy, profiling, and misuse risks that are broader than a typical founder legal copilot and may process sensitive legal-history information without clear necessity, minimization, or user safeguards.

Context-Inappropriate Capability

Medium
Confidence: 89%
Finding
The skill expands from a startup legal copilot into a broad counterparty intelligence and investigative system that gathers live public data across regulators, courts, corporate registries, and profile sites. This capability shift increases the chance of misuse for surveillance, invasive profiling, or decisions based on incomplete legal-risk signals, especially because the skill's stated role does not clearly bound or justify this investigative function.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly states that every SAFE generated and contract reviewed is stored in Redis as persistent deal memory, but it does not clearly disclose retention period, access controls, encryption, or consent/opt-out behavior. Because this skill handles highly sensitive legal and financing documents, silent persistence materially increases the risk of unintended disclosure, cross-session leakage, and privacy noncompliance.

Missing User Warnings

Medium
Confidence: 94%
Finding
The due-diligence workflow accepts sensitive identifiers such as EINs and sends queries to external services like Apify and public-record sources, yet the skill does not present a clear privacy warning, legal basis, or handling constraints for that data. In a legal copilot context, users may input confidential or regulated business information, so undisclosed transmission to third parties can expose organizations to privacy, confidentiality, and compliance risks.

Natural-Language Policy Violations

Medium
Confidence: 95%
Finding
The content gives blanket legal guidance that founders must form a Delaware C-Corp before fundraising, without qualifying that this depends on business model, financing plans, jurisdiction, and legal counsel. In a legal copilot skill, overgeneralized jurisdiction-specific advice can mislead users into taking costly or unnecessary legal actions based on incomplete context.

Natural-Language Policy Violations

Medium
Confidence: 92%
Finding
The text states that non-solicitation clauses are enforceable in most states, including California, when properly drafted, which is a jurisdiction-sensitive legal claim presented too broadly. Because enforceability varies materially by state, role, contract language, and evolving case law, users may rely on inaccurate compliance guidance and deploy unenforceable or risky agreements.

Missing User Warnings

Medium
Confidence: 90%
Finding
The prompt instructs the model to collect and synthesize sensitive personal and legal-history data, including bankruptcy, sanctions, and employment background, but does not include a user-facing warning or handling constraints around privacy, legal restrictions, or false-match risk. Without those safeguards, users may over-rely on the tool for adverse decisions or collect data in ways that trigger compliance, fairness, and reputational issues.

VirusTotal

66/66 vendors flagged this skill as clean.