ClawHub

akylegal-applications

Security checks across malware telemetry and agentic risk

Overview

This is a legal drafting and litigation-guidance skill made of markdown templates, with no code execution or hidden data movement, but users should avoid entering unnecessary personal or financial details.

Use this as drafting support, not legal advice. Verify jurisdiction, deadlines, and cited law with a qualified attorney, and use placeholders or redacted values for ID numbers, addresses, phone numbers, bank accounts, and asset details unless you are preparing a final filing in an approved secure environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger description is very broad, covering many common legal terms such as lawsuit, trial, appeal, and legal strategy, which can cause the skill to activate in a wide range of conversations beyond the user's actual intent. Over-broad activation can route users into procedural or document-drafting guidance inappropriately, increasing the chance of irrelevant, low-quality, or risky legal assistance being surfaced without sufficient context or qualification.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The general formatting rules direct users to include full personal identifiers such as DOB, ID number, address, and phone number, but provide no privacy warning, minimization guidance, or jurisdiction-specific caution about redaction. In a legal-document drafting skill, users may paste real client or opposing-party data directly into prompts or generated drafts, increasing the risk of unnecessary exposure of sensitive personal data.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The enforcement application template asks for bank account numbers, property details, vehicle information, and other asset leads without any warning about handling sensitive financial information. Because this skill is meant to support legal workflows, users are especially likely to supply real debtor and client asset data, which creates avoidable confidentiality and privacy exposure if entered into the system without safeguards.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal