ClawHub

legal-advisor

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-only legal-advisor skill whose broad legal-document handling matches its stated purpose, with no code, install scripts, credentials, or hidden execution behavior found.

Safe to install as a prompt-only legal assistant, but share only the documents needed for a task, redact unnecessary sensitive information, follow your organization’s handling rules for privileged or regulated material, and verify jurisdiction-specific advice with qualified counsel.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
86% confidence
Finding
The skill's invocation guidance is broad and lacks clear trigger conditions or scope boundaries, which can cause the agent to activate in contexts where legal review was not explicitly intended. In a legal-advisor skill, this increases the risk of over-collection and processing of sensitive business, contract, HR, privacy, or compliance data without sufficient user intent validation.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill is designed to review contracts, policies, compliance status, and potentially privacy or employment materials, but it does not warn users that highly sensitive or regulated information may be accessed. In this context, the omission is more dangerous because legal workflows commonly involve confidential business terms, personal data, privileged material, and regulated records, increasing the chance of unintended disclosure or unsafe sharing.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal