法眼-全能法律专家顾问

Security checks across malware telemetry and agentic risk

Overview

This legal-assistance skill is not malicious, but it needs Review because it handles high-stakes legal drafting and sensitive identity data with broad activation and some overstated verification capabilities.

Install only if you are comfortable using it as a drafting and education aid, not as verified legal advice. Avoid pasting full ID numbers, addresses, phone numbers, identity-document scans, or third-party personal data unless truly necessary; use placeholders or redaction first. Independently verify current laws, filing rules, deadlines, and enforceability with official sources or a licensed lawyer before acting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (22)

Tp4

Category: MCP Tool Poisoning
Severity: High
Confidence: 96%
Finding:
The skill markets itself as a comprehensive legal expert with mandatory multi-step contract review, litigation drafting, case retrieval, and legal validation, but the file is only a prompt/specification and does not actually implement those capabilities. In a legal-advice context, this mismatch is dangerous because users may rely on nonexistent checks, retrieval, or drafting safeguards when making legal decisions, causing incorrect advice, missed deadlines, or defective filings.

Category: Intent-Code Divergence
Severity: Medium
Confidence: 93%
Finding:
The SOP declares a strict '禁止跳步' requirement early on, but later permits accelerated and emergency paths that omit mandated steps. This creates ambiguous execution rules that can cause the agent to skip legal validation, fact-gathering, or external verification, producing inconsistent or insufficiently reviewed contract advice in a high-stakes legal context.

Category: Intent-Code Divergence
Severity: Medium
Confidence: 96%
Finding:
The template states that upon payment default, the non-breaching party may apply for compulsory enforcement based on the private settlement itself, but the later guidance correctly says a privately signed settlement cannot be directly enforced unless it has been judicially confirmed or converted into a court mediation instrument. In a legal-advice skill, this contradiction is dangerous because users may rely on the template language, sign an agreement under false assumptions about enforceability, and lose time, leverage, or procedural rights when a breach occurs.

Category: Intent-Code Divergence
Severity: Medium
Confidence: 95%
Finding:
The module and function documentation state that the tool searches regulations via WebSearch API and returns legal text and status, but the implementation only prints suggested sources and returns a placeholder object. In a legal-assistance skill, this mismatch is dangerous because downstream agents or users may rely on the output as if a real, up-to-date legal search occurred, causing legal advice based on unverified or stale information.

Category: Intent-Code Divergence
Severity: Low
Confidence: 91%
Finding:
The function claims to search regulations by case type, but it only emits search hints and returns metadata without performing any search. In the context of a law-expert skill, this creates a reliability and safety issue because users may believe case-specific legal authorities were actually checked before generating legal conclusions or litigation documents.

Category: Intent-Code Divergence
Severity: Medium
Confidence: 98%
Finding:
The module advertises that it can validate whether a law is currently effective, but it performs no actual validation and only prints manual web-search instructions. In a legal-assistance skill, this mismatch is dangerous because downstream users or agents may rely on the tool's name, docstrings, and output framing as if a real compliance/timeliness check occurred, leading to incorrect legal advice or citation of repealed law.

Category: Intent-Code Divergence
Severity: Medium
Confidence: 99%
Finding:
The function documentation promises structured legal-status outputs such as current status, effective date, and revision date, but the implementation returns a fixed placeholder status and omits the promised date fields entirely. This creates a trust-boundary failure where other components may parse the result as authoritative legal metadata, causing automation or human users to make legal decisions based on fabricated completeness.

Category: Vague Triggers
Severity: High
Confidence: 84%
Finding:
A catch-all trigger like 'any legal-related question' is so broad that it can activate in ambiguous conversations and present the skill as authoritative in situations where the user did not clearly request legal workflow handling. In a legal domain, over-activation increases the chance of unsolicited or misplaced legal-style guidance, which can mislead users in sensitive matters.

Category: Vague Triggers
Severity: Medium
Confidence: 84%
Finding:
The trigger list includes very broad, common phrases such as '协议', '签约', and general contract-related wording that can appear in ordinary conversation. In practice this can cause unintended activation of the contract-review workflow, leading the agent to assume a legal-review posture without clear user consent or sufficient context, which is risky for a legal advisory skill.

Category: Vague Triggers
Severity: Medium
Confidence: 89%
Finding:
The trigger list includes broad everyday dispute terms such as “纠纷”, “官司”, “起诉”, and “赔偿”, which can cause the legal-diagnosis skill to activate in loosely related conversations. In a legal advisory skill, unintended activation is more dangerous than usual because it may steer users into legal guidance flows, collect sensitive facts, or produce quasi-legal recommendations when the user did not intend to invoke specialized advice.

Category: Vague Triggers
Severity: Medium
Confidence: 88%
Finding:
The trigger list includes very broad terms such as “法律文书”, “起诉书”, and “申请书” without any gating logic, exclusions, or confirmation step tied specifically to high-risk legal drafting behavior. In a legal-assistance skill, overbroad activation can cause the agent to enter a document-generation workflow prematurely, producing jurisdiction-sensitive or legally consequential content from ambiguous user input and increasing the chance of unsafe or inappropriate assistance.

Category: Vague Triggers
Severity: Medium
Confidence: 91%
Finding:
The trigger list includes broad phrases such as “有没有法律风险” and “公司合规”, which can plausibly appear in ordinary conversation and unintentionally activate the compliance-audit workflow. In a legal assistant, accidental invocation can cause the agent to enter a specialized audit path, collect unnecessary sensitive business details, or provide mismatched legal-style guidance when the user did not request a formal compliance review.

Category: Vague Triggers
Severity: Medium
Confidence: 88%
Finding:
The trigger list includes broad, high-frequency legal terms such as “知识产权”, “版权”, and “商业秘密”, which can cause the skill to activate in situations where the user did not intend to invoke this SOP. In a legal-assistance skill, unintended routing is risky because it may steer users into a specialized workflow prematurely, producing irrelevant or overconfident legal guidance and increasing the chance of incorrect handling of sensitive matters.

Category: Vague Triggers
Severity: Medium
Confidence: 88%
Finding:
The trigger condition includes a catch-all for essentially any legal-related question not matched elsewhere, which can cause this fallback SOP to activate too broadly. In a legal-advice skill, overbroad routing is risky because users may receive generic Q&A handling instead of a more specialized workflow with stronger checks such as limitation-period verification, document validation, or domain-specific safeguards.

Category: Vague Triggers
Severity: Medium
Confidence: 86%
Finding:
The trigger list includes very broad everyday phrases such as “合法吗”, “可以吗”, and “合理吗”, which can cause the legal-analysis workflow to activate unintentionally in ordinary conversations. In a legal skill, accidental triggering is risky because it may cause the agent to enter a quasi-advisory mode, produce legal guidance without clear user intent, and route users into downstream rights/claim workflows they did not request.

Category: Vague Triggers
Severity: Medium
Confidence: 92%
Finding:
The trigger list includes broad everyday phrases such as “有案例吗” and “以前怎么判的”, which can overlap with ordinary conversation and cause the case-search workflow to activate unintentionally. In a legal-advice skill, accidental activation can steer the agent into producing legal-analysis-style outputs or unnecessary web searches when the user did not clearly request case retrieval, increasing the risk of irrelevant, misleading, or overconfident legal assistance.

Category: Missing User Warnings
Severity: High
Confidence: 97%
Finding:
The SOP instructs collection of highly sensitive personal data such as ID numbers, addresses, and phone numbers for litigation documents, but provides no privacy notice, minimization rule, masking guidance, or retention boundary. In a legal-assistance context, users may disclose real third-party and first-party identity data, creating significant privacy, compliance, and misuse risk if the system stores, logs, or over-collects that information.

Category: Missing User Warnings
Severity: Medium
Confidence: 95%
Finding:
The template collects highly sensitive personal identifiers such as ID-card numbers in a broadly reusable document without any accompanying guidance on minimization, redaction, storage, or transmission safety. In a legal-assistance skill, users are especially likely to paste real data, so the omission increases the risk of unnecessary exposure, over-collection, and privacy harm if the content is shared, logged, or reused insecurely.

Category: Missing User Warnings
Severity: Medium
Confidence: 97%
Finding:
Requesting identity-document copies without any privacy or data-protection warning encourages users to assemble especially sensitive documents without safeguards. Because this is a legal template intended for court submission, users may reasonably trust it and provide full copies containing ID numbers, addresses, and other personal data, creating avoidable exposure risk during drafting, transmission, and retention.

Category: Missing User Warnings
Severity: Medium
Confidence: 91%
Finding:
The guide explicitly tells users to upload 身份证明 (identity documents) and evidence materials, which commonly contain highly sensitive personal data such as ID numbers, home addresses, phone numbers, order details, and chat histories. Without a warning to redact unnecessary fields or minimize submitted data, users may over-disclose personal information to platforms, agencies, or leaked copies of complaint records, creating avoidable privacy and identity-theft risk.

Category: Vague Triggers
Severity: Medium
Confidence: 82%
Finding:
Overly broad trigger phrases like general legal-question wording can cause the skill to activate unexpectedly in unrelated conversations, increasing the chance of unintended prompt routing and disclosure of irrelevant or sensitive user context to the skill. In a legal-assistance skill, accidental invocation is more concerning because conversations may contain personal, employment, financial, or dispute details that users did not intend to process under this workflow.

Category: Vague Triggers
Severity: Medium
Confidence: 84%
Finding:
A vague diagnostic entry point such as '我好像遇到了麻烦…' lacks clear boundaries and can capture many non-legal or highly sensitive situations, leading to unintended skill engagement. Because this skill is framed as a first-response legal advisor, accidental activation may prompt collection or structuring of sensitive facts before the user has explicitly chosen a legal workflow.

VirusTotal

65/65 vendors flagged this skill as clean.
