Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
the ediscovery claw
v1.0.0E-Discovery costs $3,000+ per GB when outsourced. edisclaw processes, deduplicates, culls, and searches ESI collections locally for a fraction of the cost—gi...
⭐ 0· 442·0 current·0 all-time
byJagadeeshvar Muralidharan@jagadeeshmurali-coder
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description match the instructions and required binary. The skill only requires the edisclaw binary and provides commands for ingesting, deduplicating, culling, searching, reviewing, and producing ESI, which is coherent with an e‑discovery tool.
Instruction Scope
SKILL.md restricts runtime behavior to invoking the edisclaw CLI and describes local storage (~/.edisclaw). However, several Pro features (e.g., --source gdrive, TAR active learning, upgrade flow) imply network interaction, OAuth or other credentials and potential remote service communication that are not described or declared in requires.env. The instructions do not tell the agent to read unrelated system files or env vars.
Install Mechanism
Install is via a third‑party Homebrew tap (legal-tools/tap) which will create an edisclaw binary. Homebrew taps are common, but are less vetted than core Homebrew packages — the install writes a binary to the system and its behavior depends entirely on that compiled code (which is not included in the skill bundle).
Credentials
The skill declares no required environment variables or credentials, which matches an instruction-only wrapper that invokes a local CLI. That said, certain optional Pro features likely require OAuth tokens or account credentials (e.g., Google Drive ingestion, upgrade/pro features) but these are not declared by the skill.
Persistence & Privilege
always is false and the skill does not request elevated or system‑wide privileges. The tool stores data under ~/.edisclaw which is expected for this application; no instructions indicate modification of other skills or global agent settings.
Assessment
This skill looks like a straightforward wrapper for a CLI tool and is coherent with its stated purpose, but you should verify a few things before installing or running it on sensitive data: 1) Inspect the Homebrew formula in the legal-tools/tap repo (and the linked GitHub project) to confirm the source code, build steps, and checksums — don't blindly trust a third‑party tap. 2) Expect network activity for 'Pro' features (OAuth flows for Google Drive, upgrade checks, model training telemetry). Ask what endpoints the binary contacts and what credentials/scopes it requests; prefer interactive OAuth over pasting secrets into env vars. 3) Test the binary in an isolated environment (VM or container) with non‑sensitive sample data to confirm that free‑tier operation keeps data local as claimed. 4) Review the privacy/license/payment terms shown by edisclaw during 'upgrade pro' to understand what data might be uploaded or logged. 5) Check ~/.edisclaw contents and file permissions after a run to ensure no unexpected data exfiltration. If you need higher assurance, request the upstream project's source and build artifacts and/or build the binary yourself from the repository before installing.Like a lobster shell, security has layers — review code before you run it.
latestvk978spr4v063hdvbc11zzd5wsd81qp87
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🔎 Clawdis
Binsedisclaw
Install
Install edisclaw (brew)
Bins: edisclaw
brew install legal-tools/tap/edisclaw