木瓜法律助手

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed legal API wrapper that sends legal questions, case data, files, and an API key to a configured Mugua endpoint, so the main risk is privacy rather than hidden or malicious behavior.

Install only if you trust the Mugua Legal API endpoint you configure. Replace or verify the default test base_url before using real matters, use a scoped and rotatable API key, review the provider's privacy terms, and avoid uploading privileged or highly sensitive legal documents unless you accept that they leave your environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Severity: Medium
Confidence: 86%
Finding:
The trigger phrases are very broad generic legal terms such as '法律咨询' (legal consultation) and '案件分析' (case analysis), which can cause the skill to activate for a wide range of sensitive user requests without clear scoping or consent boundaries. In a legal-assistance context, unintended invocation is more dangerous because users may share confidential case details that are then routed to an external API.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The skill transmits user legal questions to a third-party API, and those questions may contain highly sensitive personal or legal information. There is no evidence in the skill of consent, disclosure, redaction, or data minimization before transmission, creating a privacy and compliance risk rather than a code-execution issue.

Missing User Warnings

Severity: High
Confidence: 98%
Finding:
The skill uploads user-provided files and structured case data to an external API, which can include especially sensitive legal documents, party identities, facts, and demands. Because there is no explicit warning, consent flow, or sanitization, this creates a substantial confidentiality and regulatory exposure if users or operators do not realize the data leaves the local system.

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:
- **Full case analysis**: generates a complete case analysis report from the party information, cause of action, facts, and claims

## HTTP endpoints (must match exactly)
`base_url` ends with a `/` (default `https://api.test.mugua.muguafabao.com/`). This Skill requests the following server-side paths; it **must not** switch to other paths or `curl` guessed addresses.

| Capability | Method | Full URL (concatenation rule) |
|------|------|----------------------|
Confidence: 88%
Finding: https://api.test.mugua.muguafabao.com/

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:

## Configuration notes
- `base_url`: root address of the Mugua API (matches `required_configs` in `metadata.json`). At runtime it is read, in order, from `context.credentials.base_url`, `context.config.base_url`, and `event.config.base_url`; if none is provided, the in-code default `https://api.test.mugua.muguafabao.com/` is used. Legal-consultation requests are actually sent to `{base_url}v1/legal-chat/completions`.
- `api_key`: Mugua API authentication token (Bearer), taken from `context.credentials.api_key`.
- `requirements.txt` declares only `requests`; do not list the standard-library `typing` as a pip dependency (consistent with the registration metadata).
Confidence: 93%
Finding: https://api.test.mugua.muguafabao.com/

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:
{
      "name": "base_url",
      "type": "string",
      "description": "木瓜法律 API 根地址(与 skill.py 中 _resolve_base_url 一致:OpenClaw 注入至 context.credentials / context.config / event.config 的 base_url;未注入时使用代码内默认)。默认 https://api.test.mugua.muguafabao.com/ ,实际请求路径见 SKILL.md(v1/legal-chat/completions 与 v1/case-analysis/generate)",
      "required": true,
      "default": "https://api.test.mugua.muguafabao.com/"
    }
Confidence: 80%
Finding: https://api.test.mugua.muguafabao.com/

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:
"type": "string",
      "description": "木瓜法律 API 根地址(与 skill.py 中 _resolve_base_url 一致:OpenClaw 注入至 context.credentials / context.config / event.config 的 base_url;未注入时使用代码内默认)。默认 https://api.test.mugua.muguafabao.com/ ,实际请求路径见 SKILL.md(v1/legal-chat/completions 与 v1/case-analysis/generate)",
      "required": true,
      "default": "https://api.test.mugua.muguafabao.com/"
    }
  ],
  "input_params": {
Confidence: 78%
Finding: https://api.test.mugua.muguafabao.com/

VirusTotal

65/65 vendors flagged this skill as clean.
