Lawyer Case Archive Helper - 律师案件归档助手

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real local legal-archive helper, but its automatic Word-to-PDF step runs a PowerShell script built from user-controlled file paths.

Review before installing. Use only trusted case folders with simple, controlled path names, protect or delete generated OCR text and archive outputs according to your confidentiality obligations, and avoid adding real email or WeChat credentials to config files unless you have reviewed the code path that would use them. The package is not malicious on the evidence reviewed, but the PowerShell conversion implementation should be fixed or disabled before routine use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
$doc.Close($false); 
    $word.Quit()
    '''
    subprocess.run(['powershell', '-Command', cmd], capture_output=True)
    print(f"  已转换: {pdf_path}")
Confidence
96% confidence
Finding
subprocess.run(['powershell', '-Command', cmd], capture_output=True)

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The docstring claims the redacted version contains no sensitive data, but the program explicitly processes legal case PDFs/images, extracts party names and case numbers, and writes derived outputs to disk. That mismatch can mislead operators into underestimating privacy and confidentiality risk when handling highly sensitive legal matter data.

Context-Inappropriate Capability

High
Confidence
95% confidence
Finding
The skill automates Microsoft Word through PowerShell and COM, which grants substantial local execution capability and expands the trust boundary to PowerShell and Word automation. In this legal-document context, that is risky because untrusted file paths or malformed documents may trigger unintended behavior, and Word automation is a powerful primitive on the host.

Missing User Warnings

Low
Confidence
86% confidence
Finding
The documentation states that the tool writes generated DOCX/PDF files and an OCR text dump into the case folder, but it does not clearly warn users that extracted case content will be persisted to disk. In a legal-archives context, these outputs can contain confidential client and case information, so the lack of an explicit warning increases the risk of unintended local disclosure, backup propagation, or mishandling by users.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The tool writes OCR-recognized legal case text to a plaintext file in the case directory without explicit consent, warning, or retention controls. Because the content may include names, case facts, numbers, and other confidential legal material, this creates unnecessary at-rest exposure and increases the chance of accidental disclosure.

VirusTotal

65/65 vendors flagged this skill as clean.
