Self-Improving Legal
v1.1.0Captures clause risks, compliance gaps, precedent shifts, contract deviations, regulatory changes, and litigation exposure to enable continuous legal operati...
⭐ 0· 58·0 current·0 all-time
byJosé I. O.@jose-compu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (capture legal learnings, compliance gaps, clause risks) matches the included files: activator and detector scripts, examples, templates, and OpenClaw hook handlers. All scripts and documentation relate to creating/maintaining .learnings files, scaffolding new legal skills, injecting reminders at agent bootstrap, and detecting legal patterns in tool output — functionality expected for a 'self-improving legal' skill. There are no unrelated requirements (no cloud creds, no unrelated binaries).
Instruction Scope
Runtime instructions explicitly tell the agent to create and append to files under a .learnings/ workspace directory and to avoid logging privileged/confidential content. The activator and error-detector are intended to run as hooks (UserPromptSubmit and PostToolUse) and read platform-provided context (CLAUDE_TOOL_OUTPUT, agent event). This scope is appropriate for the stated purpose, but it does involve writing files into the project/workspace and injecting a virtual reminder file at bootstrap — so enable only in trusted environments and ensure operators follow the CRITICAL guidance about privilege/confidentiality.
Install Mechanism
The skill is instruction-only (no install spec). It includes local scripts and hook handlers in the package; there are no remote downloads or extracts performed by the skill itself. SKILL.md suggests cloning from a GitHub URL if installing manually (standard practice). Note: registry metadata listed source as unknown while the README references a GitHub repo; that's a minor metadata mismatch but not indicative of malicious behavior.
Credentials
The skill requires no environment variables or credentials. Scripts read platform-provided context (CLAUDE_TOOL_OUTPUT, event/session context) and write local workspace files — behavior that fits the described functionality. No secrets, API keys, or unrelated config paths are requested.
Persistence & Privilege
always:false and model-invocation is allowed (platform default). Hooks and scripts are opt-in: the user must copy/enable the hook and/or configure .claude/.codex settings to run activator/error-detector commands. When enabled, hooks run with the agent's permissions and can add files to the workspace (including creating skills via extract-skill.sh). This is expected for a workspace-integrated skill, but users should be aware hooks persist in workspace config until disabled and have the same filesystem privileges as the agent.
Assessment
This skill appears coherent and implements only local reminders, detectors, and scaffolding for legal learnings — it does not request secrets or call external endpoints. Before installing: 1) Review the scripts (activator.sh, error-detector.sh, extract-skill.sh) yourself to confirm you are comfortable with files they create; 2) Only enable hooks in trusted workspaces (hooks run with agent filesystem permissions and will create/modify files under the workspace); 3) Keep the CRITICAL guidance: do not record privileged attorney-client communications, settlement terms, or case strategy in .learnings/ — the skill relies on you to abstract sensitive content; 4) If you enable the PostToolUse detector, be aware it reads CLAUDE_TOOL_OUTPUT (platform-provided) — do not forward that output verbatim; 5) Prefer enabling the activator only with a matcher filter (so reminders fire for legal-related prompts) if you want to limit noise and exposure; 6) Verify the referenced GitHub repo URL before cloning if you plan to use the manual install path.Like a lobster shell, security has layers — review code before you run it.
latestvk975kbe6sd8n4w4fm1xnp174ex84v4r6
License
MIT-0
Free to use, modify, and redistribute. No attribution required.