case.dev

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate case.dev legal-workflow integration, but it needs review because it gives agents broad API, upload, download, and sensitive legal-data handling authority without enough scoping or warnings.

Install only if you trust case.dev and intend to let an agent handle legal materials through that service. Prefer Homebrew or inspect the shell installer first, protect API keys, confirm exact files and directories before upload or download, and require explicit approval for raw API calls, API URL overrides, web fetches, recursive uploads, and any operation that creates or changes remote data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Missing User Warnings

Severity: Medium, confidence 95%
Finding
The skill recommends executing a remotely fetched shell installer without any warning, verification step, or integrity check. This is dangerous because users may run arbitrary code from a network source directly in their shell, and if the source, repository, or transport chain is compromised, the command can execute attacker-controlled code immediately.

Missing User Warnings

Severity: Medium, confidence 88%
Finding
The skill demonstrates uploading local files and sending external document URLs to case.dev for OCR, but it does not explicitly warn that document contents will be transmitted to a third-party remote service. In a legal AI context, documents commonly contain privileged, confidential, or regulated data, so omission of a privacy/data-handling warning can cause users to expose sensitive material unintentionally.

Vague Triggers

Severity: Medium, confidence 89%
Finding
The description includes very broad trigger phrases such as "search", "webfetch", and "legal skills", which can cause this skill to activate for generic user requests that are not specifically about case.dev. Over-broad routing increases the chance that user queries are sent to an external CLI/web-fetch capability unnecessarily, which can expose sensitive prompts or trigger unintended networked actions in contexts where a narrower skill should have been chosen.

Missing User Warnings

Severity: Medium, confidence 96%
Finding
The skill explicitly recommends passing API keys via shell commands such as `export CASE_API_KEY=...` and `casedev auth set-key --api-key ...`, which can expose secrets through shell history, process listings, audit logs, or terminal recordings. In an agent-oriented setup skill, this is especially risky because users may copy/paste real credentials and automation systems may persist command invocations.

Missing User Warnings

Severity: Medium, confidence 88%
Finding
The skill documents generic raw API operations including `POST /vault` and `call createVault` without guardrails, confirmation guidance, or warnings that these commands can change remote state. Because this is a gateway skill for agents, exposing direct mutation primitives increases the chance of accidental or unauthorized creation/modification of resources in production environments.

Missing User Warnings

Severity: Medium, confidence 95%
Finding
The skill instructs users to upload and transcribe recordings through an external service but does not warn that depositions, hearings, and similar recordings may contain highly sensitive legal, personal, or privileged information. In a legal workflow, this omission can lead users to transmit confidential material without informed consent, creating privacy, confidentiality, and compliance risk even if the service itself is legitimate.

Vague Triggers

Severity: Medium, confidence 89%
Finding
The skill description includes broad trigger phrases such as general document storage and upload/download language that can match common user intents beyond the narrow case.dev context. This can cause the agent to invoke the skill in situations involving sensitive local or remote documents, increasing the chance of unintended data handling or file operations without sufficiently explicit user confirmation.

Missing User Warnings

Severity: Medium, confidence 94%
Finding
The skill provides direct upload and download commands for documents and directories but does not warn about sensitive-data transfer, recursive uploads, overwriting/placement risks, or the filesystem effects of writing outputs. In a legal-documents context, these operations can expose privileged or confidential material, upload more files than intended, or write recovered documents to insecure local locations.

VirusTotal

64/64 vendors flagged this skill as clean.