ClawHub

Book Lawyer

Security checks across malware telemetry and agentic risk

Overview

This skill is a small, instruction-only integration for searching and booking lawyers through Lokuli, with sensitive but expected contact-data sharing during booking.

Install this only if you intend to use Lokuli for lawyer search or booking. Before booking, confirm the lawyer/provider, service, time, fees or cancellation terms if available, and that you are comfortable sharing your name, email, phone number, and booking context with Lokuli or the selected provider.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger description is broad enough to match many generic lawyer-related requests, which can cause the skill to activate when the user is only asking for legal information rather than intending to search or book a service. In this context, over-triggering is risky because the skill connects to an external booking/search provider and may steer the interaction toward third-party service use without sufficiently clear user intent.

Missing User Warnings

High
Confidence
97% confidence
Finding
The booking flow includes transmission of customerName, customerEmail, and customerPhone to an external Lokuli endpoint, but the skill does not warn that personal data will be shared with a third party. In a legal-services context, this is more sensitive because merely seeking a lawyer may reveal private or potentially confidential matters, making uninformed data transfer a significant privacy and trust risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal