Legal Advisor

Security checks across malware telemetry and agentic risk

Overview

This is a coherent legal-template helper with ordinary local scripts and no evidence of hidden data access, exfiltration, or destructive behavior.

Install only if you want general legal drafting and reference assistance. Treat outputs as drafts, verify jurisdiction, facts, deadlines, and current law, and have important contracts, filings, or dispute letters reviewed by a qualified lawyer before use. If running the scripts, expect local bash/Python execution and a small user-profile data directory.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The invocation text is broad enough that an assistant may apply the skill to many legal questions without clear boundaries, escalation criteria, or jurisdiction limits. In a legal context, this can cause users to rely on generic generated advice for regulated, high-stakes matters where facts and local law are critical.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill advertises legal-document generation and dispute support without warning that outputs may be inaccurate, incomplete, or unsuitable for a specific jurisdiction. Users may treat generated contracts or claims as professional legal advice, potentially causing waived rights, invalid filings, or contractual harm.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal