Legal Guard

Security checks across malware telemetry and agentic risk

Overview

Legal Guard is a mostly transparent, instruction-only safety skill, but it documents standing approvals for legal actions without clear limits.

Install only if you want an instruction-level guardrail for legal and financial approvals. For any contract, subscription, ToS acceptance, CLA, or wallet signature, use only `allow-once`; avoid `allow-always` unless OpenClaw shows exactly what future actions it covers, how long it lasts, and how to revoke it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium, 92% confidence
Finding
The README states that signing requires a one-time `/approve <id> allow-once`, but the usage section also documents `/approve <id> allow-always`. For a legal-signing guard, persistent approvals materially weaken the claimed human-in-the-loop control and could let future legal actions proceed under a broad standing authorization.

Vague Triggers

Medium, 80% confidence
Finding
Saying the skill activates automatically when a triggering context is detected, without defining trigger boundaries, creates room for inconsistent or overly narrow detection. In a legal-approval control, ambiguous activation can cause the guard not to engage for edge cases such as updated terms, embedded clickwraps, or wallet-sign prompts, leading to unreviewed legal commitments.

Vague Triggers

Medium, 77% confidence
Finding
The Chinese usage section repeats the same ambiguous automatic-activation claim without specific coverage limits. Because this skill is meant to prevent legally binding actions, unclear activation semantics in any language variant can mislead users into assuming comprehensive protection where edge cases may bypass review.

VirusTotal

62/62 vendors flagged this skill as clean.
