Contract Risk Scan

Security checks across malware telemetry and agentic risk

Overview

This appears to be a straightforward contract risk review helper with no evidence of hidden network access, credential use, persistence, or destructive behavior.

This skill looks safe to use for preliminary contract triage. Contracts can contain sensitive business or personal information, so provide only the text or files you intend to review, and consult a qualified attorney for important legal decisions.

VirusTotal

64/64 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Low
What this means

If pointed at the wrong file, the tool could include snippets of that file in the scan output.

Why it was flagged

The helper script can read a local file path supplied to the CLI so it can scan contract text. This is expected for the skill's purpose, and the artifacts do not show network transmission or file writes.

Skill content

    const contractText = fs.readFileSync(filePath, 'utf-8');

Recommendation

Use the scanner only with contract files you intentionally want reviewed, and treat the output as preliminary rather than legal advice.