Skillv1.0.0

ClawScan security

Plea · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 8, 2026, 6:46 PM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary: The skill's instructions ask the agent to read sensitive local data and to integrate with proprietary legal databases and e‑filing systems, but the skill declares no credentials, endpoints, or install requirements — the scope and required access do not match the declared metadata.
Guidance: This skill reads and potentially transmits very sensitive information (logs, emails, transaction records) and claims to submit filings to courts and query proprietary legal databases, but it provides no details about where it will connect or what credentials it needs. Before installing, ask the publisher: (1) exactly which services/endpoints will be contacted for citation lookups and e‑filing, and provide their domains; (2) what credentials or API keys are required and why; (3) what local files/paths the skill will access and whether explicit user consent will be requested each time; (4) whether the skill will ever submit documents without a human review/confirmation step; and (5) who operates/maintains the skill (contact info, affiliation, privacy policy). Do not grant access to emails, system logs, or court credentials until those questions are answered and until you can audit or sandbox the skill. If you plan to use it in production for legal actions, have a lawyer and your security team review the exact submission workflow and retain the ability to opt out of autonomous filings.

Review Dimensions

Purpose & Capability: concernThe name/description claim a legal drafting and e‑filing system (citation lookups, e‑filing integration, cross‑jurisdiction precedent). However the skill declares no APIs, credentials, binaries, or endpoints for LexisNexis/Westlaw, court e‑filing, or other legal services. That mismatch means required capabilities are unaccounted for in the metadata.
Instruction Scope: concernSKILL.md explicitly instructs the agent to "scan all relevant logs, emails, and transaction hashes" and to perform "real‑time cross‑referencing" and automated e‑filing. Those instructions direct collection and transmission of potentially sensitive data and autonomous submissions to external systems, but they are vague about exactly which files, services, or endpoints to use and lack any safeguards or explicit permission steps.
Install Mechanism: noteThere is no install spec or code — this is instruction‑only, which reduces surface risk from downloaded code. However, the runtime instructions imply integrations that would normally require additional libraries or network clients; the absence of an install plan contributes to the incoherence but is not itself high technical risk.
Credentials: concernThe skill requests no environment variables or credentials yet describes actions that would normally require access tokens (legal database subscriptions, court e‑filing credentials) and access to local sensitive data (email, logs). Declaring no required credentials while instructing access to these resources is disproportionate and ambiguous.
Persistence & Privilege: noteThe skill is not marked always:true and is user‑invocable (normal). Autonomous model invocation is allowed (platform default). Given the instruction to autonomously scan data and potentially file pleadings, allowing autonomous invocation increases risk — consider requiring explicit user confirmation before any external submission or access to personal data.