ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Gov Court Records

v1.0.0

Search US court opinions, dockets, and judges. 3 tools for federal court records research.

0· 409·0 current·0 all-time
byMartin@martc03
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to search US court opinions, dockets, and judges (CourtListener) which aligns with the provided tools. Requiring the mcporter binary to register an MCP server is plausible given the OpenClaw MCP model, but the explicit inclusion of PACER as a data source while also asserting 'All data from free public APIs. Zero cost.' is inconsistent (PACER is a paid system).
!
Instruction Scope
The SKILL.md instructs the agent/user to add a remote MCP server URL (https://court-records-mcp.apify.actor/mcp) either via mcporter or by editing ~/.openclaw/mcp.json. That routes all queries through a third-party proxy, which can observe/search/record queries and results. The instructions do not request unrelated local files or credentials, but they do ask to modify a local agent config (persisting the server).
Install Mechanism
This is an instruction-only skill (no install spec), so nothing is written by the skill itself. However it requires the mcporter binary to be present; users must obtain/trust that binary independently. The remote endpoint is hosted on an apify.actor domain (a third-party hosting service) rather than an official CourtListener host, which increases the trust surface.
Credentials
No environment variables or credentials are requested, which is proportionate. However the SKILL.md references PACER as a source (a paid system) while asserting zero-cost public APIs; if PACER content is being provided via a proxy, that may imply the proxy is doing additional scraping or using credentials, which isn't explained.
Persistence & Privilege
always:false and user-invocable are appropriate. The main persistence concern is that the guide asks the user to add a remote server to ~/.openclaw/mcp.json (a persistent config change) — this is expected for MCP servers but means future queries will go through that endpoint until removed.
What to consider before installing
Before installing/using this skill: 1) Consider trust: the skill instructs you to add a third‑party MCP server (court-records-mcp.apify.actor). That endpoint will see every query and response — only add it if you trust that operator. 2) Verify mcporter: the skill requires a local mcporter binary; obtain it from a trusted source and verify it before use. 3) Question the PACER claim: PACER is normally paid; ask the author how PACER data is being provided for 'zero cost' and whether any credentials or scraping are involved. 4) If you need stronger privacy/assurance, prefer a skill that uses official CourtListener APIs or self-host the MCP proxy. 5) Check the linked GitHub repo (owner and code) and prefer reviews/community trust before adding the server to your ~/.openclaw/mcp.json. Removing the server from your config will stop future queries from going to that endpoint.

Like a lobster shell, security has layers — review code before you run it.

latestvk9764zq45z2sgycn65dd30ff8s81zhyg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

⚖️ Clawdis
Binsmcporter

Comments