LegalFrance

Review

Audited by ClawScan on May 10, 2026.

Overview

Prompt-injection indicators were detected in the submitted artifacts (system-prompt-override); human review is required before treating this skill as clean.

Only initialize if you are comfortable downloading about 2 GB from HuggingFace and storing local indexes. Treat answers as general legal information, not personalized legal advice. Because the supplied search.py artifact is marked truncated, review the complete file and dependency setup if you need maximum assurance before installing. ClawScan detected prompt-injection indicators (system-prompt-override), so this skill requires review even though the model response was benign.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

When invoked, the skill may steer the agent into a strict legal RAG answer format using only retrieved sources.

Why it was flagged

The skill generates a system-style prompt that constrains the model's legal-answer behavior. This is purpose-aligned for a RAG legal assistant, but should not be treated as a global instruction outside this task.

Skill content
```python
SYSTEM_PROMPT = """Tu es JurisFR, un assistant juridique spécialisé en droit français.

## Règles absolues
1. Réponds UNIQUEMENT sur la base des extraits fournis ci-dessous.
```

Recommendation

Use this skill for French legal questions only, and do not let its generated prompt text override unrelated user goals or system policies.

What this means

The first initialization depends on remote third-party artifacts and may consume significant bandwidth and disk space.

Why it was flagged

The skill depends on large external HuggingFace/model downloads. This is disclosed and fits the stated RAG purpose, but the registry/install metadata does not provide pinned versions or a homepage/provenance trail.

Skill content
This step downloads the LEGI corpus (HuggingFace) and the BGE-M3 embeddings model (~2 GB in total)

Recommendation

Initialize only if you trust the named data/model sources; pin dataset/model revisions if reproducibility or supply-chain assurance is important.

What this means

Running initialization will execute local Python code, download data, and create or update local index files.

Why it was flagged

The skill asks for explicit user confirmation before running the local initialization script. Local code execution is central to building the RAG indexes and is not hidden, but it is still a capability users should notice.

Skill content
ask the user for confirmation before running:

```bash
python scripts/ingest.py
```

Recommendation

Approve the initialization only when you are ready for the download and disk writes, and run it with normal user privileges rather than elevated privileges.