Legal Intake Pilot

Security checks across malware telemetry and agentic risk

Overview

This legal intake skill is coherent, but it handles sensitive client data and CRM credentials without enough privacy, consent, retention, or compliance detail.

Install only after a lawyer or compliance owner reviews the workflow. Use mock data first, require explicit privacy notice and consent before collection or CRM transfer, restrict CRM credentials to least privilege, add human confirmation before writes, and define retention, redaction, access-control, and audit requirements. Do not treat the prompt rules alone as proof of HIPAA compliance or UPL protection.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium (95% confidence)

Finding: The skill explicitly instructs collection of sensitive legal-intake information and transmission to a `leads` database and external CRM platforms, but it does not require clear user notice, informed consent, or data-minimization controls before storage and sharing. In a legal-intake context, this is especially risky because the data may include privileged, highly sensitive personal or medical details, creating privacy, confidentiality, and compliance exposure if users do not understand where their information is going.

Missing User Warnings

Medium (87% confidence)

Finding: The guide instructs operators to place a live API credential in a `.env` file but gives no accompanying guidance on secret handling, storage restrictions, rotation, or preventing accidental source-control exposure. In a legal intake context, compromise of a Clio API key could expose highly sensitive client and matter data, making this more dangerous than in a low-sensitivity application.

VirusTotal

64/64 vendors flagged this skill as clean.
