Back to skill
Skillv1.0.0
ClawScan security
Legal Evidence Organization Matrix · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 26, 2026, 1:09 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is a descriptive, instruction-only skill that generates legal evidence organization frameworks and does not request credentials, install code, or perform external actions — its declared behavior matches its files and instructions.
- Guidance
- This skill appears internally consistent and lower-risk because it’s document-only and contains no code or external endpoints. Before using it, do not paste privileged, confidential, or personally identifying evidence into the chat unless you have the right to share it; always verify any legal conclusions or jurisdiction-specific requirements with qualified counsel; and do not use the skill to plan or facilitate illegal activity or to fabricate evidence. If you need automation that accesses documents or databases, prefer a skill that explicitly documents safe access methods and necessary credentials rather than pasting sensitive data into an instruction-only skill.
Review Dimensions
- Purpose & Capability
- okThe skill's name and description align with its contents: SKILL.md, README.md, and skill.json all describe a document-only workflow helper for organizing evidence. There are no declared binaries, env vars, or external APIs required that would be unrelated to the stated purpose.
- Instruction Scope
- noteSKILL.md instructs the agent to ask users for matter context and facts and to produce checklists, matrices, and templates — this stays within the stated descriptive purpose. Note: collecting user-supplied facts or documents may involve sensitive or privileged information; the skill itself has no code to access files or networks, but users should avoid pasting privileged/confidential materials into the chat unless appropriate.
- Install Mechanism
- okNo install spec or code files are present; the package is instruction-only per ACCEPTANCE.md and the repo contents. This minimizes disk-write or remote-code risks.
- Credentials
- okNo environment variables, credentials, or config paths are requested. The lack of required secrets is proportionate to a descriptive/template skill.
- Persistence & Privilege
- okThe skill does not request always:true, does not modify other skills, and has no installation steps that would persist privileged configuration. Autonomous model invocation is allowed by default but not combined with other risky attributes here.