LegalFrance

Security checks across malware telemetry and agentic risk

Overview

LegalFrance is a disclosed local French legal-search assistant; its main risk is resource use and rebuilding its own local index, not hidden or unrelated behavior.

Install only if you are comfortable running local Python code, downloading a large public legal corpus/model, and storing local search indexes. Re-running ingestion may rebuild and replace the skill's existing local index, so avoid using the same data directory for anything you cannot recreate. Treat answers as general legal information, not personalized legal advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 94%
Finding
The script unconditionally deletes the existing Chroma collection before recreating it, which can destroy previously indexed data without any confirmation, backup, or safety check. In an ingestion pipeline, this creates a real availability and integrity risk: an accidental run, wrong environment, or misuse against a production data directory can wipe the index and force costly reindexing.

VirusTotal

63/63 vendors flagged this skill as clean.
