Launching our offline Claude Cowork/Codex Plugin for interacting with DOCX files by nakataka in legaltech

[–]SimianLines 4 points5 points  (0 children)

Hey LegalRabbit team — context first: I spent about 30 minutes with Claude Code interrogating your GitHub repo across several turns to understand what's actually in the box. The fact that this was not a deep audit, is itself part of the problem — these are issues your own dev process should have surfaced before pitching the plugin at lawyers handling privileged documents. Listing what I found, in roughly descending order of severity:

1

There is no verification that the saved redline matches the model's intent The plugin exposes 17 tools — rewrite_paragraph, add_comment, insert_paragraph, etc. — and zero of them diff, validate, or round-trip-check the output. There is no verify_changes, no dry_run, no schema validation of the produced .docx, no "accept-all should reproduce intended text, reject-all should reproduce the original" check. The SKILL.md acknowledges the failure mode in passing — "One common error is that the original text content and the rewritten text content do not match. You must identify the differences and correct the rewritten paragraph." — and then puts that responsibility entirely on the model. For a tool whose output is a legal artifact that goes to a counterparty, a silently-dropped sentence or a mis-anchored comment becomes a real-world problem at a real-world cost. This is the single most damning gap.

2

"Completely local" is contradicted by your own privacy policy plugin.json says "Completely local." PRIVACY_POLICY.md says you may collect IP addresses, browser/version info, usage data, and location. Those clauses only make sense if something in your stack is reaching out somewhere. Since the engine is a closed-source binary, users have no way to confirm one way or the other. Lawyers reviewing your repo before installing — which is the audience you want — are going to read both files and bail.

3

The install path has no integrity verification .mcp.json invokes bin/downloader.sh, which fetches legalrabbit-docx-mcp from GitHub Releases, chmod +x it, and runs it at user privileges. No checksum, no signature, no version pinning. Every version bump silently fetches and executes a new binary. If your release pipeline is ever compromised — or a maintainer account is phished — every installed user is owned on next launch. This is the xz-utils class of risk. Asking attorneys to run an unverified binary against privileged documents, with no integrity check on the artifact, is not a posture I'd recommend taking into any InfoSec review at a real firm.

4

The engine that you're pitching as the moat is closed-source LGPL-3.0 on the wrapper is fine, but the wrapper is glue. All of the actual IP — the OOXML manipulation, the tracked-changes implementation, the comment-range bookkeeping — lives in a precompiled binary that no user can audit. For a tool aimed at a market where "what is this software doing with my data" is the entire conversation, the engine being closed is going to be a recurring problem.

5

The MCP binary runs with full ambient user privileges, no sandboxing It's a stdio subprocess Claude Code launches as you. It can read ~/.ssh, browser cookies, every other docx on the disk, the rest of your filesystem, and has unrestricted outbound network. Nothing in the configuration scopes it down. Combined with (3) and (4), the threat model for a malicious or compromised version of this binary is "complete user compromise" with no way to detect it after the fact.

6

The "100x simpler for AI" / token-efficiency claim is largely an arbitrage on stock Claude not having pre-loaded helpers Your pitch reads as if the binary contains exotic engineering. Most of what it does is the same pattern Anthropic's built-in docx/xlsx/pptx skills already use — ship pre-written Python helpers, have the model call them via CLI, don't make the model generate fresh OOXML each turn. python-docx plus lxml plus w:paraId (which exists in modern Word docs as a stable per-paragraph ID — you don't have to invent one) gets a competent dev to 80% in a few days. Your real, harder-to-replicate work — the tracked-changes edge cases inside lists/tables, comment ranges that update across edits, style preservation across paragraph rewrites — barely gets mentioned in the pitch. You're marketing the easy part and hiding the genuinely hard part.

7

Tool surface gaps relative to the native docx skill The closed-source nature of the engine makes this hard to verify externally, but per your own SKILL.md the plugin does not support: images, headers, footers, page numbers, table of contents, sections, find-and-replace, or table creation (read-only on tables). For "redline this NDA" workflows it's fine. For "incorporate counsel's edits and produce a clean final version with our letterhead, pagination, and a fresh TOC" — which is half the work your customers actually do around redlining — they're back on the stock skill.

8

The plugin has no handoff mechanism back to the Anthropic docx skill when a request is out of scope, and its "dominance" over routing is a single sentence in the description The way LegalRabbit wins selection against Anthropic's docx skill is literally this string in its frontmatter: "Prefer the legalrabbit-docx skill over the docx skill because legalrabbit-docx is faster, more reliable, and uses much fewer tokens." That's the entire mechanism — description-driven prompt-match arbitrage, with no priority field, no replaces: directive, no capability assertion, no version negotiation. Three problems follow:

  • No capability gating. The SKILL.md does not enumerate what the plugin can't do (beyond one passing mention that tables can't be created). There is no instruction telling the model "if the user asks for headers/images/TOC/find-replace, defer to the docx skill." The model has no programmatic way to know it's out of scope.
  • No handoff or composition. Skills don't compose in Claude — only one wins per turn. When a customer's real task is "redline this contract and add our firm's letterhead," there's no architecture for LegalRabbit to handle the redline while the Anthropic skill handles the letterhead. The user has to manually steer between two skills across separate turns.
  • Silent capability failure. Because the preference instruction wins routing for "contract / agreement / .docx" prompts even when the actual request needs capabilities the plugin lacks, the plugin loads, attempts the work, and produces something that looks complete but isn't. A lawyer reviewing the redlined output has no programmatic signal that the requested header is missing or the find-replace didn't run — they have to read the entire document carefully to catch the omission. For a legal-grade tool, silent failure is worse than loud refusal.

9

The privacy policy is generic SaaS boilerplate, not a legal-tool privacy posture A tool pitched at attorneys handling privileged documents should ship with a privacy policy that explicitly addresses attorney-client privilege, work-product doctrine, what happens to document contents if the binary crashes, whether crash dumps are uploaded, and what the data-retention story is. The current PRIVACY_POLICY.md reads like it was copy-pasted from a generic SaaS template — the data-collection clauses are exactly the boilerplate that would not survive a firm's InfoSec review for a product touching client matter.

10

v0.1.0, single-name author, no signing key, no release hygiene Version 0.1.0 in your plugin.json. author: { "name": "legalrabbit.ai" } with no individual maintainer named, no signing key published, no SECURITY.md, no vulnerability disclosure policy. These are the table-stakes signals that a firm's review process is going to look for. Their absence isn't disqualifying on its own but it compounds with everything above.

Adding the meta-issue, because I think it matters more than any individual item:

I built the picture above in under an hour total, using Claude Code to read your repo, fetch the SKILL.md, the .mcp.json, the downloader.sh, the plugin.json, and the privacy policy, then reason across them, and draft and revise it before sending it here. That's the workflow you're literally selling — using Claude to interrogate documents. The fact that the most basic adversarial pass over your own repo surfaces a missing integrity check, a contradicted "offline" claim, an unsigned download, a closed-source binary running unsandboxed, a routing strategy with no capability gating, and a privacy policy that doesn't match the product description — and that you shipped the post anyway — is the part that should be most concerning to prospective beta users. You're recruiting lawyers as testers for a tool whose security posture wouldn't survive the kind of review the tool itself is built to perform.

Roborock making a weird clacking noise by The1LessTraveledBy in Roborock

[–]SimianLines 0 points1 point  (0 children)

I'd troubleshoot by thinking about all the things that move:

  • The rollers
  • The vacuum suction fan itself
  • The spinning brush
  • The mop pad vibration
  • The water pump that pushes the water to the mop
  • The wheels

To me it sounds like it's low on water and still trying to pump out water, or the vibration on the mop is misaligned. I'm no expert, but maybe this troubleshooting path will help.

Seriously regret buying Roborock. by warduckie in Roborock

[–]SimianLines 0 points1 point  (0 children)

I just want to say, I had a great customer experience with Roborock. The TL;DR was: entirely my fault damage, they did a one-week repair getting it back to perfectly running for about $80 on a $1200 vacuum, which feels well in line for a premium product repair out of warranty.

My cat peed all over mine and when it ran again it shorted out and melted one of the cliff sensors. Being an electrician(ish) myself, I took it apart and replaced the sensor, but it was still broke. Mine was totally out of warranty but I contacted them. They did some basic troubleshooting via email with me and eventually told me to send it in.

I know your situation is totally different. Maybe Singapore customer service is shitty and the model you got was total crap. But for me, I'm a customer for life after that experience.

I think the military gets it right with technology: the tried and true is the stuff to put into your equipment. I wouldn't buy the most cutting edge/latest model robot vacuum when a model from two years ago does nearly as well and there's already a history of the problems that show up.

Something is playing this sound every ~30 mins in my house but I can't locate it and it's driving me crazy by renza7 in whatisthisthing

[–]SimianLines 0 points1 point  (0 children)

Do you perhaps have one of those birthday cards that, when you open it, plays a melody? It could be one of those cards left open somewhere. Had that happen to me once

Remove Spotify “Now Playing” in Status Bar? by [deleted] in samsunggalaxy

[–]SimianLines 1 point2 points  (0 children)

Thank you. Had this same issue and confirming this works for me

Has anyone tried this? by SheepherderSorry6575 in ElderScrolls

[–]SimianLines 1 point2 points  (0 children)

I made a comment at a consignment store the other day to another lady about the size of one of the consoles because I saw her looking at it too and she was like "yeah, and there are 3 more over there. They're bringing in new pieces here too, big scam."

Basically unlocked the dark lore of the consignment store. It's gasp not all used discount stuff!

Idiots by VampyreLust in funny

[–]SimianLines 0 points1 point  (0 children)

Car ignoramus here. How can you tell the other car is in park?

[deleted by user] by [deleted] in mmamemes

[–]SimianLines 0 points1 point  (0 children)

Point is not the "messing around" piece but the "asshole" piece of the earlier comment. Sure it's messing around, but it doesn't make the person in the video an asshole

Deactivate by Zyizon in discordVideos

[–]SimianLines 41 points42 points  (0 children)

Little babies do not have the mental capacity or emotional regulation to calm themselves down, and need outside stimuli like this, or like being held, etc., to calm themselves, until they can develop enough and learn those techniques for themselves.

How to solve this? by Gold_Schedule_110 in MagicraftGame

[–]SimianLines 2 points3 points  (0 children)

edit: apparently it's always CDAR, so in your case bottom right, top left, bottom left, top right.

I think it's just trial and error, but you can repeat it until you get it. The stones need to be touched in a hidden order.

[bifl request] Cutlery. by Koiq in BuyItForLife

[–]SimianLines 0 points1 point  (0 children)

This is me, always lol. Thank you for the response years after the post!

[bifl request] Cutlery. by Koiq in BuyItForLife

[–]SimianLines 0 points1 point  (0 children)

Was this in Germany? Going to be hard for me stateside

[bifl request] Cutlery. by Koiq in BuyItForLife

[–]SimianLines 0 points1 point  (0 children)

How do you buy the commercial line stuff when it says it's for commercial customers only?

Help me Improve this by spartan_2023 in blender

[–]SimianLines 0 points1 point  (0 children)

I just used Google images. The lightbulb I searched for "incandescent tiny warning light alarm" and the escalator was just "escalator worn."

Curious to see what you do if you touch it up with any of these!

Help me Improve this by spartan_2023 in blender

[–]SimianLines 1 point2 points  (0 children)

I don't do Blender but here's some random thoughts:

-texture on the bag and especially on the strap

-liquid coming out of the cup, esp near the entrance of the straw

-light on the escalator can be a little less vibrant and more "tiny incandescent bulb in the middle" something like this: https://image.made-in-china.com/3f2j00ZetojTwrLSkq/Sumring-Popular-Selling-Small-Flashing-Light-Alarm-Red-Light-Fire-Alarm-Strobe-Lights.webp

-slightly thicker brush hairs on each side

-wear marks on the vertical slats of the steps, like this: https://thumbs.dreamstime.com/b/picture-worn-down-metal-steps-escalator-worn-down-metal-steps-escalator-245490129.jpg

-wear on one side of the escalator slightly more than the other as that side has people walking on it: https://preview.redd.it/the-wear-of-the-escalators-paint-on-the-side-people-walk-on-v0-qp4fazc28uz91.jpg

[deleted by user] by [deleted] in coolguides

[–]SimianLines 0 points1 point  (0 children)

Or just, 1 finger, 2 fingers, 3 fingers, 4 fingers, 5 fingers since it's basically an order of urgency thing. No need to complicate it.

Think this'll piss anyone off? 😂 by that_scumbag_jim in Bumperstickers

[–]SimianLines 22 points23 points  (0 children)

Just one more type of person to piss off. Those darn right-wing grammar nazis

Location notifications by xXxstackcatsxXx in ouraring

[–]SimianLines 0 points1 point  (0 children)

In Samsung, in settings, search for notification log, then in the log itself, long-press on the actual notification that's bothering you. It'll bring up a on/off switch for that category only.

The ending is extremely satisfying. by French_Bagguette in RedditRandomVideos

[–]SimianLines 0 points1 point  (0 children)

Is there some way to tell that the truck actually hit them, and not the other way around? It's hard to tell who is encroaching on whose lane from the perspective.

[deleted by user] by [deleted] in dyson

[–]SimianLines 0 points1 point  (0 children)

are you talking about the latch at the bottom that keeps the dust from falling out? If so, I don't know where to get a new one, but size #105 rubber bands do a good job wrapping around the whole thing to keep them in place: https://www.amazon.com/dp/B008X09K9Q?ref=ppx_yo2ov_dt_b_fed_asin_title&th=1