v1.2.1

Judgment Analyzer 判决书分析

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 8:28 AM.

Analysis

This skill appears purpose-aligned, but users should remember it runs a local document extractor and stores plaintext copies of legal documents.

Guidance: This skill is reasonable for local judgment-document analysis. Before using it, install dependencies in a controlled Python environment, point it only at files or folders you intend to analyze, and remember that generated text and reports may contain sensitive legal or personal information.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
SKILL.md
python3 ~/.claude/skills/judgment-analyzer/scripts/analyzer.py <输入路径>

The skill instructs the agent/user to run a local Python script against a user-supplied file or folder path. This is purpose-aligned, but it gives the script access to whatever documents are in that selected path.

User impact: If the user points it at a broad folder, it may process more PDF or Word documents than intended.
Recommendation: Run it only on a specific file or a dedicated folder containing the judgment documents you intend to analyze.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
scripts/requirements.txt
pdfplumber>=0.10.0
python-docx>=0.8.11

The required Python packages use lower-bound version ranges rather than exact pinned versions. Installing them is a normal, disclosed setup step, but it leaves dependency resolution to the package manager.

User impact: Future installs could resolve to newer package versions than the author originally tested.
Recommendation: Install in a virtual environment and pin reviewed dependency versions if reproducibility or supply-chain control is important.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
SKILL.md
Save the text to the `输入路径/摘要/` folder...read all txt files in the `摘要/` folder

The workflow creates persistent plaintext extracts of the source legal documents and later uses those text files as AI context. This is disclosed and central to the skill, but judgment documents may contain sensitive case details or personal information.

User impact: Sensitive legal content may remain on disk in extracted text files after the analysis is finished.
Recommendation: Review and delete the generated '摘要' folder when no longer needed, and avoid placing unrelated sensitive files in the target folder.