Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Legal-AI-Collaboration-Framework

v1.1.0

Open-source framework to build and manage self-evolving AI legal agents with toolbox, knowledge retrieval, multi-agent collaboration, and experiment tracking.

by 张律师 @sealawyer2026
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill claims a full framework (evolution engine, standard sync, multi-agent orchestration, encryption, access control) and 'zero-dependency local-only' operation. The bundle only includes a single base class and a few examples; multiple APIs and modules referenced in the docs (core.evolution_engine, core.standard_sync, encryption/access-control implementations) are missing from the file manifest. That mismatch suggests the package is incomplete or the documentation is overstated.
Instruction Scope
SKILL.md repeatedly asserts 'no external API calls' and 'local-only', yet the installation instructions recommend cloning from GitHub or using npx clawhub install (both require network access). The runtime code does local file I/O (loading/saving toolbox JSONs) and accepts user-supplied toolbox paths (including '../' relative paths), which could cause the agent to read/write arbitrary local files if misconfigured. There are no instructions that require reading environment variables or contacting external endpoints, and the code contains no network calls, but the docs/install steps contradict the 'no external' claim.
Install Mechanism
Registry shows no install spec (instruction-only), which is low risk. However, SKILL.md suggests two external install methods (git clone from a GitHub repo and npx clawhub install), which would fetch code from the network. Because the package as published already contains code, the external install suggestions are unnecessary and create a provenance risk if followed.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. The code uses only Python stdlib modules. There are no evident requests for secrets or unrelated credentials.
Persistence & Privilege
Flags show always:false and model invocation not disabled (normal). The skill writes/reads local toolbox files and saves updates to toolbox_path when evolving, which is expected functionality and limited to paths the user supplies/configures.
What to consider before installing
This package contains a local LegalAgentBase implementation and examples, but the documentation claims a larger framework (evolution engine, standard sync, encryption/access-control, wandb removal) that is not present in the shipped files. Before installing or running it:
1) Treat the repo as incomplete—do not rely on missing components.
2) Review core/agent_base.py and example code yourself; the code performs local file reads/writes to toolbox paths you provide—avoid pointing toolbox_path at sensitive directories.
3) Avoid blindly running the 'git clone' or 'npx' install directions from untrusted sources; if you need the latest upstream, verify the repository origin and integrity.
4) If you expect features like encryption, access control, or an evolution engine, ask the author for the missing modules or wait for a complete release.
5) Run the code in a sandbox or restricted environment first and scan it with your own security tools.
If you want, I can list exact missing files referenced in docs and point out the lines that accept arbitrary paths or perform writes.

Like a lobster shell, security has layers — review code before you run it.

Tags: agent, ai, collaboration, evolution, framework, latest, legal, secure
