Skill v1.0.1
ClawScan security
LegalFrance · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 13, 2026, 6:44 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's files and instructions are coherent with its stated purpose (a French RAG legal assistant); it downloads and indexes a public LEGI corpus and builds local search indexes, but be aware of large downloads, disk writes, and the included system prompt.
- Guidance
- This skill appears to do what it says: build a local RAG assistant over the LEGI dataset and produce SYSTEM+USER prompts for an LLM. Before installing/running: (1) review the included scripts yourself, and run them in an isolated environment/VM if you are concerned; (2) ensure you have at least ~2 GB free for the corpus download, plus additional space for the indexes; (3) be prepared to install Python packages (datasets, chromadb, sentence_transformers) and possibly provide a HuggingFace token if a model requires authentication; (4) note that the skill writes persistent indexes under data/, so back up or choose an appropriate working directory; (5) understand that the skill supplies a strict system prompt that will control downstream LLM outputs; this is normal for RAG but worth reviewing if you plan to run the LLM with different safety settings.
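Point (2) above is easy to automate before kicking off the ingest. A minimal pre-flight sketch using only the standard library; the 4 GB threshold is an assumption (~2 GB corpus plus headroom for the indexes), not a figure from the skill itself:

```python
import shutil

def check_free_space(path=".", required_gb=4.0):
    """Return (ok, free_gb) for the filesystem containing `path`.

    required_gb=4.0 is an assumed budget: ~2 GB for the LEGI download
    plus headroom for the ChromaDB and FTS indexes written under data/.
    """
    free_gb = shutil.disk_usage(path).free / 1024**3
    return free_gb >= required_gb, free_gb

ok, free_gb = check_free_space(".")
print(f"free: {free_gb:.1f} GB, sufficient for ingest: {ok}")
```

Running this in the intended working directory before the ingest step avoids a partial 2 GB download that fails on a full disk.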
- Findings
[system-prompt-override] expected: ask.py intentionally defines a detailed SYSTEM_PROMPT to constrain the LLM's behaviour for legal answers; this matches the skill's RAG goal and explains the pre-scan flag.
Review Dimensions
- Purpose & Capability
- ok: Name/description match the code and scripts: ingestion from AgentPublic/legi, ChromaDB + SQLite FTS search, RAG prompt builder and helpers. No unrelated env vars, binaries, or external services are requested.
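For reviewers unfamiliar with the SQLite FTS side of this design, a minimal sketch of keyword search over an FTS5 virtual table. The schema here is hypothetical; the actual layout of fts_index.db is defined by the skill's ingest script:

```python
import sqlite3

# Hypothetical schema for illustration; the skill's real fts_index.db
# may use different table and column names.
conn = sqlite3.connect(":memory:")
conn.execute("CREATE VIRTUAL TABLE articles USING fts5(ref, body)")
conn.execute(
    "INSERT INTO articles VALUES (?, ?)",
    ("Code civil, art. 1240", "Tout fait quelconque de l'homme qui cause un dommage"),
)

def fts_search(query, limit=5):
    """Full-text match, ordered by FTS5's built-in BM25 rank."""
    return conn.execute(
        "SELECT ref, body FROM articles WHERE articles MATCH ? "
        "ORDER BY rank LIMIT ?",
        (query, limit),
    ).fetchall()

print(fts_search("dommage"))
```

Pairing an FTS index like this with ChromaDB's embedding search is a common hybrid-retrieval pattern: FTS catches exact legal citations, embeddings catch paraphrases.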
- Instruction Scope
- note: SKILL.md instructs running ingest/search/one_shot scripts and requires user confirmation before the ingest (which downloads ~2 GB). The code builds a strong SYSTEM_PROMPT for the LLM (this triggered a 'system-prompt-override' pattern). That is expected for a RAG assistant, but you should be aware the skill supplies explicit system-level instructions that will guide any LLM used with the prompts.
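To make the flagged pattern concrete, here is a hypothetical sketch of how a RAG prompt builder like ask.py typically assembles the SYSTEM+USER pair. The SYSTEM_PROMPT text and chunk format below are illustrative assumptions, not the skill's actual strings:

```python
# Illustrative only: the real SYSTEM_PROMPT and chunk structure are
# defined in the skill's own ask.py.
SYSTEM_PROMPT = (
    "You are a French legal assistant. Answer ONLY from the provided "
    "LEGI excerpts and cite each article you rely on."
)

def build_prompts(question, chunks):
    """Join retrieved chunks into a USER message next to the fixed SYSTEM prompt."""
    context = "\n\n".join(f"[{c['ref']}] {c['text']}" for c in chunks)
    user = f"Context:\n{context}\n\nQuestion: {question}"
    return SYSTEM_PROMPT, user

system, user = build_prompts(
    "Qui est responsable d'un dommage?",
    [{"ref": "C. civ. art. 1240", "text": "Tout fait quelconque de l'homme..."}],
)
```

The security-relevant point is that whatever LLM consumes these prompts inherits the skill author's system-level instructions, which is why reviewing that string before use is worthwhile.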
- Install Mechanism
- note: There is no automated install spec (instruction-only), which lowers automated install risk. Running the scripts requires third-party Python packages (datasets, chromadb, sentence_transformers) and will download a large embedding model (BAAI/bge-m3) and the HF dataset. Downloads come from known hosts (HuggingFace, model hub) rather than arbitrary URLs, but expect heavy network and disk activity.
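Since there is no install spec, the dependencies above must be present before the scripts run. A small stdlib-only pre-check (the package list comes from this report; `missing_packages` is a hypothetical helper, not part of the skill) avoids starting a large download that then dies on an ImportError:

```python
import importlib.util

# Packages named in the scan notes; adjust if the skill's requirements change.
REQUIRED = ["datasets", "chromadb", "sentence_transformers"]

def missing_packages(names=REQUIRED):
    """Return the subset of `names` that cannot be imported."""
    return [n for n in names if importlib.util.find_spec(n) is None]

missing = missing_packages()
if missing:
    print("install first:", ", ".join(missing))
```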
- Credentials
- note: The skill declares no required environment variables or credentials (good). One caveat: downloading some models or private HF resources can require a HuggingFace token (HF_TOKEN) or similar not declared here; this may cause runtime prompts or failures but is not evidence of hidden credential demands.
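A quick way to see whether such a token is already available is to check the environment variables the HuggingFace tooling conventionally reads. This is a convenience sketch, not something the skill itself does:

```python
import os

def hf_token_status():
    """Report whether a HuggingFace token is present in the environment.

    HF_TOKEN (and the older HUGGING_FACE_HUB_TOKEN) are conventional
    variable names; public LEGI resources should not require one.
    """
    token = os.environ.get("HF_TOKEN") or os.environ.get("HUGGING_FACE_HUB_TOKEN")
    return "set" if token else "unset (fine for public resources)"

print(hf_token_status())
```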
- Persistence & Privilege
- ok: The skill writes indexes to a local data/ directory (chroma_db and fts_index.db) as expected for a local RAG assistant. It does not request always:true or modify other skills or system-wide settings.
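Because the indexes persist under data/, it is easy to audit how much disk they actually consume after an ingest. A stdlib sketch (the `data` path follows this report; pass a different directory if the skill was run elsewhere):

```python
from pathlib import Path

def index_size_mb(data_dir="data"):
    """Sum the on-disk size (MB) of everything under `data_dir`.

    Covers the persistent artifacts this report names (chroma_db,
    fts_index.db); returns 0.0 if the directory does not exist.
    """
    root = Path(data_dir)
    if not root.exists():
        return 0.0
    total = sum(p.stat().st_size for p in root.rglob("*") if p.is_file())
    return total / 1024**2

print(f"{index_size_mb():.1f} MB of persistent indexes")
```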
