ClawHub

complaint drafting

Security checks across malware telemetry and agentic risk

Overview

This is a coherent instruction-only legal drafting skill, but users should be careful because it asks for personal and case details.

Install only if you are comfortable using an AI assistant for legal-document drafting. Provide only information needed for the draft, redact unnecessary third-party details where possible, and review the final complaint carefully before sharing or filing it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill instructs collection of extensive personal and potentially sensitive legal-case information, including identity, contact, address, and case facts, without a clear upfront privacy warning, data-minimization rule, or handling constraints. In a legal-assistance context this is more dangerous because users are likely to disclose highly sensitive personal and dispute information, increasing the risk of overcollection, inappropriate retention, and privacy harm if the data is mishandled.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The template explicitly solicits sensitive personal data such as name, sex, date of birth, ethnicity, employer, home address, and contact details for litigants, but provides no privacy notice, minimization guidance, masking rules, retention limits, or handling instructions. In a complaint-drafting skill, this increases the chance that users and downstream systems will over-collect, expose, or improperly store personally identifiable information contained in legal filings and chat histories.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This guide instructs users to include and submit highly sensitive personal data and electronic evidence such as names, addresses, phone numbers, account information, chat logs, recordings, and witness contact details, but it provides no warning about minimization, redaction, consent, secure storage, or risks of over-disclosure. In a legal-document drafting skill, that omission is meaningfully dangerous because users are likely to paste raw case materials into the system and may expose third-party personal data beyond what is necessary for filing.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal