Back to skill
Skillv1.0.0
ClawScan security
Cerebra Legal Hardened · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 29, 2026, 1:40 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only 'legal reasoning' helper whose requested footprint (no installs, no env vars, no code) matches its description and instructions; nothing in the package appears disproportionate or covert.
- Guidance
- This skill appears coherent and low-risk as shipped, but remember: (1) it's a reasoning template — do not treat it as a substitute for a licensed attorney for time‑critical or high‑stakes matters; verify deadlines and statutes with counsel. (2) The SKILL.md asks for documents — avoid uploading unredacted sensitive information (SSNs, medical records, account numbers). Redact or summarize identifiable data when possible. (3) If you need representation or emergency help (DV, threat, imminent harm), follow the skill's guardrails and contact local emergency services or certified hotlines immediately. (4) Because this is instruction-only, the platform/agent may still transmit user inputs to a remote model — ensure you understand the host platform's data-handling and retention policies before sharing confidential documents.
Review Dimensions
- Purpose & Capability
- okName/description and SKILL.md align: the skill documents a lawyer-like IRAC workflow, issue spotting, jurisdiction-first checks, disclaimers, and escalation triggers. It does not request unrelated capabilities (no cloud creds, no binaries).
- Instruction Scope
- okRuntime instructions stay within legal analysis scope: gather facts, ask for jurisdiction and documents, apply law, assess risk, and recommend escalation. The SKILL.md explicitly requires disclaimers and emergency triage guardrails. It does ask for 'documents, not summaries', which is reasonable for legal accuracy but increases user data-sensitivity expectations.
- Install Mechanism
- okNo install spec and no code files — instruction-only. This minimizes on-disk execution and supply-chain risk.
- Credentials
- okNo environment variables, credentials, or config paths requested. The skill does not ask for unrelated secrets or system access.
- Persistence & Privilege
- okalways:false and default autonomous invocation are appropriate. The skill does not claim persistent system privileges or attempt to modify other skills.