China Legal Analysis

Security checks across malware telemetry and agentic risk

Overview

This is a text-only Chinese-law guidance skill with no code or permissions, but users should confirm jurisdiction before relying on it.

Install this only if you want help framing questions under Chinese law. Ask the agent to confirm the applicable jurisdiction when unclear, verify cited laws or cases against official sources, and consult a qualified lawyer for important or time-sensitive matters.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The skill description is broad enough to trigger on general requests for legal guidance, which can cause the agent to route users into this specialized skill without sufficient qualification checks. In a legal domain, overbroad invocation increases the chance of jurisdiction mismatch, inappropriate reliance, or unauthorized legal-advice-like output being presented in situations requiring narrower scope or human escalation.

Natural-Language Policy Violations

Medium

Confidence: 95% confidence
Finding: The skill is hardwired to a China-specific legal framework but the description does not require explicit user opt-in or confirmation that Chinese law applies. This creates a real risk of giving legally irrelevant or misleading guidance to users in other jurisdictions, especially because legal advice is highly locale-dependent and users may not realize the skill has already assumed Chinese law.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal