ClawHub

Legal Docs Pro

Security checks across malware telemetry and agentic risk

Overview

The skill’s legal-document purpose is coherent, but its helper scripts can be tricked into running local code and it stores sensitive business/legal data in plaintext.

Review or patch the shell scripts before running them, especially setup.sh and contract-scan.sh. Avoid scanning files with unusual or untrusted filenames, and only store EINs, addresses, contracts, and contact details if you are comfortable keeping them in local plaintext files under the skill directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The README explicitly says the tool 'remembers your business details' and auto-populates them into documents, but it provides no privacy notice, retention limits, storage protections, or warning about handling sensitive business identifiers such as addresses and EINs. In a legal-document skill, users are likely to provide confidential or regulated information, so normalizing persistent storage without clear safeguards increases the risk of privacy violations, unintended disclosure, or insecure downstream reuse.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs storage and repeated reuse of highly sensitive business data, including EIN, address, owner identity, contact details, and contract defaults, but provides no privacy notice, minimization guidance, access controls, retention policy, or warning about handling sensitive identifiers. In a legal-document context, this increases the risk of unnecessary long-term retention and accidental disclosure of personally identifying and business-sensitive information.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill encourages users to paste contracts, upload files, or run a scan script on contract content without warning that entire legal documents may contain confidential business terms, personal data, signatures, or privileged material. In a contract-review tool, silent ingestion of full document contents can expose sensitive information and creates privacy and confidentiality risks if users are not clearly informed first.

Missing User Warnings

Low
Confidence
91% confidence
Finding
The example instructs the user to run a shell command that writes a PDF to a specific filesystem path, but it does not clearly warn that this performs a local disk write. In an agent-skill context, even low-risk side effects should be made explicit so users understand that a file will be created and where it will be stored.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
When --save is used, the script writes the full contract text to a local reviews directory without any privacy warning, retention controls, or access restriction checks. Contracts often contain sensitive commercial or personal data, so this can lead to unintended local data exposure, persistence, or inclusion in backups and sync services.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script collects highly sensitive business and personal information, including EIN, address, contact details, and signatory identity, and persists it locally without clearly warning the user before collection that this data will be stored on disk. In the context of a legal-document skill, this increases privacy and compliance risk because users may disclose regulated or confidential business information without informed consent or retention awareness.

VirusTotal

No VirusTotal findings

View on VirusTotal