Skill v1.1.0
ClawScan security
Self-Improving Legal · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 14, 2026, 10:22 AM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, hooks, and instructions are coherent with its stated purpose (capturing and promoting legal learnings) and do not request unrelated credentials or perform external network actions.
- Guidance: This skill appears coherent and implements only local reminders, detectors, and scaffolding for legal learnings — it does not request secrets or call external endpoints. Before installing:
  1) Review the scripts (activator.sh, error-detector.sh, extract-skill.sh) yourself to confirm you are comfortable with files they create;
  2) Only enable hooks in trusted workspaces (hooks run with agent filesystem permissions and will create/modify files under the workspace);
  3) Keep the CRITICAL guidance: do not record privileged attorney-client communications, settlement terms, or case strategy in .learnings/ — the skill relies on you to abstract sensitive content;
  4) If you enable the PostToolUse detector, be aware it reads CLAUDE_TOOL_OUTPUT (platform-provided) — do not forward that output verbatim;
  5) Prefer enabling the activator only with a matcher filter (so reminders fire for legal-related prompts) if you want to limit noise and exposure;
  6) Verify the referenced GitHub repo URL before cloning if you plan to use the manual install path.
Review Dimensions
- Purpose & Capability (ok): The name/description (capture legal learnings, compliance gaps, clause risks) matches the included files: activator and detector scripts, examples, templates, and OpenClaw hook handlers. All scripts and documentation relate to creating/maintaining .learnings files, scaffolding new legal skills, injecting reminders at agent bootstrap, and detecting legal patterns in tool output — functionality expected for a 'self-improving legal' skill. There are no unrelated requirements (no cloud creds, no unrelated binaries).
- Instruction Scope (note): Runtime instructions explicitly tell the agent to create and append to files under a .learnings/ workspace directory and to avoid logging privileged/confidential content. The activator and error-detector are intended to run as hooks (UserPromptSubmit and PostToolUse) and read platform-provided context (CLAUDE_TOOL_OUTPUT, agent event). This scope is appropriate for the stated purpose, but it does involve writing files into the project/workspace and injecting a virtual reminder file at bootstrap — so enable only in trusted environments and ensure operators follow the CRITICAL guidance about privilege/confidentiality.
- Install Mechanism (ok): The skill is instruction-only (no install spec). It includes local scripts and hook handlers in the package; there are no remote downloads or extracts performed by the skill itself. SKILL.md suggests cloning from a GitHub URL if installing manually (standard practice). Note: registry metadata listed source as unknown while the README references a GitHub repo; that's a minor metadata mismatch but not indicative of malicious behavior.
- Credentials (ok): The skill requires no environment variables or credentials. Scripts read platform-provided context (CLAUDE_TOOL_OUTPUT, event/session context) and write local workspace files — behavior that fits the described functionality. No secrets, API keys, or unrelated config paths are requested.
- Persistence & Privilege (note): always:false and model-invocation is allowed (platform default). Hooks and scripts are opt-in: the user must copy/enable the hook and/or configure .claude/.codex settings to run activator/error-detector commands. When enabled, hooks run with the agent's permissions and can add files to the workspace (including creating skills via extract-skill.sh). This is expected for a workspace-integrated skill, but users should be aware hooks persist in workspace config until disabled and have the same filesystem privileges as the agent.
