Moot Court AI

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate moot-court simulation skill, but users should protect legal case materials and verify any separate workflow file before running it.

Use dedicated API keys with spending limits, redact confidential or personal details before loading real case files, keep exported hearing logs private, and review any separately downloaded Lobster workflow or scripts before running them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill explicitly requires third-party model API keys and instructs users to prepare and run legal case materials, but it does not disclose that those materials will be transmitted to external AI providers. In a court-simulation context, inputs may contain sensitive personal, legal, or evidentiary data, so the omission creates a meaningful privacy and compliance risk even if the behavior is expected technically.

VirusTotal

65/65 vendors flagged this skill as clean.
