Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Legal Gstack
v1.0.0 · Legal workflow automation suite. 8 expert roles: legal research (法律检索), document drafting (文书起草), evidence analysis (证据分析), trial preparation (庭审准备), livestream operations (直播运营), client intake (客户接待), conflict-of-interest review (利益冲突审查), and case management (案件管理).
⭐ 0 · 90 · 0 current · 0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
The name/description and the per-role SKILL.md files are consistent with a legal workflow assistant that reads local case files and writes local outputs. However, the '直播运营 / 实时监听抖音评论' capability (livestream operations / real-time monitoring of Douyin comments) implies external network access and probably API credentials, yet the skill declares no required binaries, environment variables, or install steps. The registry metadata Owner ID (kn7dg83...) also does not match the ownerId in _meta.json (kn70cjr...), and there is no source repository or homepage against which to verify provenance.
Instruction Scope
The runtime instructions explicitly reference reading and writing sensitive local paths (~/Documents/.../进行中/, i.e. the in-progress case directory, plus the 知识库 knowledge base and 模板 templates), which is expected for drafting and case management. But they also instruct the agent to '开始监控评论' (start monitoring comments) and deliver '秒级响应' (responses within seconds) for Douyin comments without specifying how to connect or which endpoints to use. The statement '案件信息本地存储,不上传云端' (case information is stored locally and not uploaded to the cloud) is present, but it is a policy statement in prose, not an enforceable technical constraint: the SKILL.md sets no bounds on what the agent may send externally if the agent has network access.
Install Mechanism
Instruction-only skill with no install spec and no code files. This minimizes supply-chain risk (nothing is automatically downloaded or written to disk), which is consistent with the declared metadata.
Credentials
The skill requests no environment variables or credentials. That is reasonable for a purely local tool, but inconsistent with live social-media monitoring, which would typically require API tokens, webhooks, or third-party tools. The absence of declared credentials, or of any guidance on handling them securely, is a gap that could lead implementers to supply credentials in an ad-hoc or unsafe way.
Persistence & Privilege
The skill is not marked 'always', is user-invocable, and does not request system-wide configuration changes. There are no install scripts and no claims to modify other skills, so its privileges are limited to the agent invocation context. Note: autonomous invocation is allowed by default, but that is not by itself a reason to classify the skill as malicious.
What to consider before installing
This skill looks like a coherent legal-workflow suite, but before installing you should:
1) Verify provenance: ask the publisher for source code, a homepage, or a trusted registry entry (the ownerId mismatch is a red flag).
2) Clarify the live-ops design: how does 'monitor Douyin comments' work, which API and credentials does it require, and where is that data routed?
3) Confirm enforcement of the 'local storage only' claim: check whether the agent runtime or the model provider will transmit case data off-device regardless of what the prose says.
4) If you plan to use it with real client data, test it first in a sandboxed environment with the agent's network and file permissions restricted.
5) Request an explicit list of required credentials and a data-flow description (what leaves the machine, where it goes, and who can access it).
If the publisher cannot provide these, treat the skill as unsafe for sensitive client information.
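A pre-install check that automates points 1) and 2) above, as an added example in Python that is not part of the ClawHub page, the scanner, or the Legal Gstack skill: it opens a skill archive, compares the ownerId in _meta.json with the owner ID the registry reports, lists any code files (which would contradict "instruction-only"), and flags SKILL.md text that implies network access when no binaries, environment variables, or install steps are declared. The archive layout, the `requires` field in _meta.json, the owner ID values, and the SKILL.md contents are constructed assumptions; the real ClawHub packaging format is not documented on this page.

```python
"""Pre-install audit of a skill archive: provenance and undeclared capability.

Added example for this review, not code from ClawHub, the scanner, or the
Legal Gstack skill. Assumptions (hypothetical, not documented on the page):
the skill ships as a zip with a top-level _meta.json carrying "ownerId" and a
"requires" object {bins, env, install}, and each role has a SKILL.md. The
registry-side owner ID is supplied by the caller.
"""
import io
import json
import zipfile

# Phrases in SKILL.md text that imply network access or an external service.
# An instruction-only skill that declares no binaries, env vars or install
# steps has no sanctioned way to do these, so a hit is an undeclared capability.
NETWORK_HINTS = ["抖音", "监听", "监控评论", "webhook", "http://", "https://"]

# Anything executable or script-like contradicts "instruction-only".
CODE_SUFFIXES = (".py", ".sh", ".js", ".ts", ".rb", ".go", ".exe", ".bin", ".so")

# Constructed sample values (not the real truncated IDs shown on the page).
REGISTRY_OWNER_ID = "kn7dg83-registry-sample"
META_OWNER_ID = "kn70cjr-meta-sample"


def build_sample_zip() -> bytes:
    """Construct an in-memory skill archive shaped like the one under review."""
    meta = {
        "name": "Legal Gstack",
        "version": "1.0.0",
        "ownerId": META_OWNER_ID,
        "requires": {"bins": [], "env": [], "install": []},  # nothing declared
    }
    drafting = "# 文书起草\n\n读取本地进行中案件目录，结合知识库与模板起草文书。\n"
    live_ops = "# 直播运营\n\n开始监控评论，实时监听抖音评论，秒级响应。\n案件信息本地存储，不上传云端。\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("_meta.json", json.dumps(meta, ensure_ascii=False))
        zf.writestr("roles/drafting/SKILL.md", drafting)
        zf.writestr("roles/live-ops/SKILL.md", live_ops)
    return buf.getvalue()


def audit_skill_zip(zip_bytes: bytes, registry_owner_id: str) -> dict:
    """Return findings: owner mismatch, code files, network hints, verdict."""
    findings = {"meta_owner_id": None, "owner_mismatch": True,
                "code_files": [], "network_hints": [], "undeclared_capability": False}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = sorted(zf.namelist())
        meta = json.loads(zf.read("_meta.json")) if "_meta.json" in names else {}
        findings["meta_owner_id"] = meta.get("ownerId")
        # Provenance: the archive must name the same owner the registry does.
        findings["owner_mismatch"] = findings["meta_owner_id"] != registry_owner_id
        findings["code_files"] = [n for n in names if n.lower().endswith(CODE_SUFFIXES)]
        requires = meta.get("requires") or {}
        declares_anything = any(requires.get(k) for k in ("bins", "env", "install"))
        for name in names:
            if not name.endswith("SKILL.md"):
                continue
            text = zf.read(name).decode("utf-8", errors="replace").lower()
            hits = [h for h in NETWORK_HINTS if h in text]
            if hits:
                findings["network_hints"].append((name, hits))
        # Network-implying instructions with nothing declared is exactly the
        # "capability without a declared mechanism" gap the scanner flagged.
        findings["undeclared_capability"] = bool(findings["network_hints"]) and not declares_anything
    risky = findings["owner_mismatch"] or findings["undeclared_capability"] or findings["code_files"]
    findings["verdict"] = "suspicious" if risky else "ok"
    return findings


if __name__ == "__main__":
    report = audit_skill_zip(build_sample_zip(), REGISTRY_OWNER_ID)
    print(json.dumps(report, ensure_ascii=False, indent=2))
```

Run against the constructed archive, the audit reports the owner mismatch, no code files, and network-implying text in the live-ops SKILL.md with nothing declared to support it, which is the combination that should stop an install until the publisher answers points 1), 2), and 5). Points 3) and 4) cannot be checked from the archive alone; they depend on the agent runtime's sandboxing and the model provider's data handling.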
latest: vk975pkzb1nezambcpmr7sa7xt183dx8h
