Back to skill
Skillv1.0.0
ClawScan security
Build Legal Services FAQ Page · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 22, 2026, 10:23 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This instruction-only FAQ generator is internally consistent with its stated purpose and requests no credentials or installs, but outputs should be human-reviewed for legal accuracy and privacy before use.
- Guidance
- This skill appears coherent and low-risk, but consider these precautions before using it with real client matters: 1) Always have a qualified attorney or compliance reviewer verify outputs—do not treat generated content as legal advice. 2) Avoid pasting sensitive or personally identifying client data into prompts; web_search or chat calls may transmit content to external services. 3) Confirm jurisdiction-specific accuracy and cite primary sources—web_search results can be incomplete or out of date. 4) If you integrate this into automated workflows, remember the skill can be invoked by the agent (default behavior); keep human checkpoints for high-risk decisions. 5) Ensure any connected chat/web_search providers meet your privacy/compliance requirements before sending confidential material.
Review Dimensions
- Purpose & Capability
- okThe name/description (generate legal-services FAQ content) match the instructions: drafting FAQs, clarifying audience/goals, and using chat/web_search. No unrelated binaries, env vars, or credentials are requested.
- Instruction Scope
- okSKILL.md contains scoped, document-focused steps (clarify audience, draft, refine). It references chat and web_search APIs only and explicitly recommends human review; it does not instruct reading system files, environment variables, or other unrelated data sources.
- Install Mechanism
- okNo install spec or code files are present (instruction-only), so nothing will be written to disk or fetched at install time.
- Credentials
- okNo environment variables, credentials, or config paths are required. The declared APIs (chat, web_search) are proportional to producing and fact-checking FAQ content.
- Persistence & Privilege
- okalways is false and the skill is user-invocable; it does not request persistent system-wide privileges or claim to modify other skills' configs.