法律检索助手

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable Chinese legal-research prompt skill with legal-advice quality risks, but no hidden code, credential access, persistence, or system-level behavior was found.

Install only if you want a Chinese-law research template for debt, labor, and contract questions. Treat outputs as general information, verify statutes, deadlines, formulas, and cases with current official sources, and consult a qualified lawyer before acting. Be aware that the skill includes an off-platform website and paid WeChat consultation promotion.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 87%
Finding
The trigger list includes broad, everyday legal phrases such as “查法律”“找法规”“相关案例”, which can cause the skill to activate in conversations that only casually mention legal topics. In an agent setting, over-broad activation can route unrelated user data into this skill and produce unreviewed legal guidance when the user did not explicitly request it.

Vague Triggers

Medium
Confidence: 84%
Finding
The generic scenario description (“想查某条法律规定、找不到具体法条、不知道适用哪个法律”) is vague and does not clearly bound when the skill should engage. This increases accidental invocation and may cause the assistant to provide authoritative-sounding legal analysis outside the intended debt/labor/contract scope.

Missing User Warnings

High
Confidence: 94%
Finding
This skill provides concrete legal rules, compensation formulas, and action guidance, but it lacks a visible disclaimer that outputs are informational and not a substitute for licensed legal advice. In a legal domain, users may rely on incomplete or outdated guidance to make decisions affecting litigation, employment rights, debt obligations, or contractual remedies.

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger list includes broad, everyday legal phrases such as “查法律”, “找法规”, “法律依据”, and “相关案例”, which can easily appear in normal conversation and cause unintended invocation. In a legal-assistance context this can route users into the skill without clear intent, increasing the chance of irrelevant handling, privacy exposure through overshared legal facts, or bypass of more appropriate workflows.

VirusTotal

VirusTotal findings are pending for this skill version.
