Legal Contract QA

Security checks across malware telemetry and agentic risk

Overview

This legal contract assistant is mostly coherent, but it can persist sensitive contract and query information into a reusable knowledge base without enough user-facing control.

Review this before installing in any real legal workspace. Use it only where uploaded contracts and user questions may be stored locally in the skill knowledge base, and require explicit approval before ingesting documents or generating FAQs from user queries.

SkillSpector (by NVIDIA)

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Severity: Medium; Confidence: 89%

Finding
The README explicitly states that high-frequency queries are automatically converted into FAQ entries, but it provides no notice, consent model, sanitization rules, or retention boundaries for user-submitted query content. In a legal contract assistant, queries may contain confidential deal terms, counterparties, pricing, or strategy, so reuse of those prompts for shared knowledge artifacts can leak sensitive information across users, sessions, or projects.

Missing User Warnings

Severity: Medium; Confidence: 93%

Finding
The Ingest mode instructs the agent to write uploaded contract data into multiple knowledge-base files and move source files, but it does not require an explicit user-facing warning or confirmation that the action will persist data and modify repository state. In a legal-document workflow, this can lead to unintended retention of sensitive contracts, accidental corpus poisoning, or irreversible knowledge-base changes triggered by an ambiguous request.

Missing User Warnings

Severity: Low; Confidence: 88%

Finding
The Lint mode tells the agent to run a local Node.js script but does not disclose to the user that local code execution will occur. Even though the script path is fixed and appears intended for maintenance, undisclosed code execution increases operational risk, especially if the repository contents are modified or untrusted.

VirusTotal

64/64 vendors flagged this skill as clean.