Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Contract Review

v1.0.0

Legal contract analysis using CUAD dataset (41 risk categories). Supports NDA, SaaS, M&A, employment, payment/merchant, and finder/broker agreements. Identif...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name and description (CUAD-based contract review) match the SKILL.md instructions: detecting blanks/missing exhibits, extracting key terms, flagging risks, and suggesting redlines. The resources and steps requested are proportionate to a legal review assistant.
Instruction Scope
Instructions focus on analyzing uploaded contract documents and asking clarifying questions about the user's role. Frontmatter lists allowed-tools (Read, Write, Edit, Grep, Glob) which is consistent with scanning uploaded files, but this implies filesystem access — ensure the agent's file access is limited to user-provided documents and not arbitrary system files.
Install Mechanism
No install spec and no code files (instruction-only). This is low-risk: nothing will be downloaded or written to disk by an installer.
Credentials
The skill requests no environment variables, credentials, or config paths. That is appropriate for a purely instruction-based document analysis tool.
Persistence & Privilege
always is false and the skill does not request permanent presence or system-wide configuration changes. No special privileges are requested beyond file read/write operations implied by allowed-tools.
Assessment
This skill appears internally consistent for contract review. Before installing or invoking it, confirm how your platform handles uploaded documents (storage, retention, and external network calls). Limit the agent's file access to only the contract files you provide, avoid uploading highly sensitive material unless you trust the platform's data handling, and remember the skill gives informational analysis only — have material terms reviewed by qualified counsel.


Tags: contracts, due-diligence, latest, legal, nda, saas
