Construction Law: FIDIC, PSSCOC, SIA & Singapore SOP Act

Security checks across malware telemetry and agentic risk

Overview

This is a coherent offline construction-law toolkit whose file writes are explicit, user-directed report/export features rather than hidden persistence.

Reasonable to install for offline construction-law drafting, registers, and deadline workflows. Because generated intake reports can contain confidential matter facts and strategy, choose output locations carefully, avoid shared or synced folders for sensitive matters, and verify legal deadlines against the actual contract and current official sources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 92%
Finding
The script writes matter intake JSON and generated reports to arbitrary user-supplied paths via --save-matter and --output without any warning, consent prompt, or safety guard, despite handling highly sensitive legal matter data. In an agent/skill context, this can silently persist confidential client facts, dispute posture, deadlines, and strategy to disk where other users, backups, logs, or later processes may access them, creating a real confidentiality and data-retention risk even if it is not code execution.

VirusTotal

66/66 vendors flagged this skill as clean.
