Keplerjai Contract Draft

Security checks across malware telemetry and agentic risk

Overview

The skill appears aimed at contract drafting, but it stores and reuses sensitive business-contract information more broadly than users may expect.

Install only if you are comfortable with this skill writing contract artifacts and diagnostic summaries to disk and potentially saving company context for later reuse. Before using it with confidential agreements, confirm where outputs and memory are stored, avoid global/plugin setup unless you explicitly approve it, and prefer a redacted or cleanup workflow for generated reports.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill instructs the agent to read workspace files, write JSON specs and output documents, inspect memory stores, and invoke a local runner, but it does not declare corresponding permissions. This creates a capability/expectation mismatch: a host may expose file and environment access implicitly, and users are not clearly informed that the skill can access local memory files and produce persistent outputs.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The rule expands the skill beyond drafting into external data collection and permanent memory storage of company descriptions. That creates unnecessary privacy, data-governance, and prompt-scope risk: public-web retrieval can introduce untrusted content into the drafting flow, and persisting user-provided descriptions to long-term memory may retain sensitive or inaccurate business information without clear consent or retention limits.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill directs the agent to persist company introductions and rules into permanent memory when the user says to remember them, but it provides no requirement for a clear user-facing notice about long-term storage, retention, or later reuse. Because the data involves company profiles and contracting context, this can lead to silent retention of sensitive business information and unintended reuse across future tasks.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The document directs the agent to install software globally via npm, check/login to an external service account, and install a plugin, but provides no requirement for explicit user consent before making system changes or initiating account interaction. In an agent setting, this can cause unauthorized environment modification, trigger credential/account prompts, and create supply-chain or operational risk if the agent performs these steps automatically.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The runner writes multiple artifacts to disk, including run-summary.json, validation-report.json, and a markdown note, and those files include business counterparties, company profiles, credit-code-related metadata, output paths, and replacement history. In a contract-drafting skill, these fields can contain sensitive commercial and identifying information, and persisting them by default without minimization, consent, retention controls, or access restrictions creates unnecessary data exposure to other local users, backup systems, or downstream tooling.

VirusTotal

61/61 vendors flagged this skill as clean.
