ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Policy Lawyer

v1.0.1

Reference the workspace policy playbook, answer "What are the rules for tone, data, and collaboration?" by searching the curated policy doc or listing its sections.

0· 1.8k·9 current·10 all-time
by@crimsondevil333333
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (reference workspace policy playbook) matches the included CLI and policies.md. The script only implements listing sections, showing a topic, and keyword search — all aligned with the stated purpose.
Instruction Scope
SKILL.md and the CLI only read a specified policy file and print sections/snippets. The optional --policy-file parameter lets you point to another policy document (local path) which is reasonable for comparing workspaces; the skill does not instruct the agent to read arbitrary system credentials or unrelated files.
Install Mechanism
There is no install spec (instruction-only skill with bundled scripts). No downloads or package installs are performed — the script runs with the local Python interpreter.
Credentials
The skill requires no environment variables, credentials, or config paths. All file I/O is limited to the provided policy file path, which is proportional to the task.
Persistence & Privilege
always is false and the skill does not request persistent system presence or modify other skill configurations. It runs on-demand and does not store agent-wide settings.
Assessment
This skill is coherent and low-risk: it only reads and prints sections from a markdown policy file. Before installing, confirm you are comfortable allowing the agent to read any local path you might pass via --policy-file (do not point it at sensitive files). Review the bundled references/policies.md to ensure the content is appropriate for your workspace. If you plan to allow autonomous invocation, be aware the skill could be asked to read a policy file path the agent has access to — restrict filesystem permissions accordingly.

Like a lobster shell, security has layers — review code before you run it.

latestvk97emkhwhg9y9s6xb8gmw5pm6d80kqw0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments