
Security audit

Lawyer Assistant

Security checks across malware telemetry and agentic risk

Overview

The skill is a legitimate legal-assistance tool, but it needs review because it handles sensitive legal facts while under-disclosing local storage, third-party/API behavior, and the reliability of some generated case data.

Review carefully before installing. Use redacted or fictionalized legal facts unless you are comfortable with local JSON storage and possible external lookup behavior. Do not rely on example or API-labeled cases as verified legal authority. Avoid confidential client matters unless privacy notices, consent prompts, HTTPS-only providers, retention controls, and deletion/redaction safeguards are added.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (32)

Missing User Warnings

Medium severity, 94% confidence
Finding
The document instructs the user to publish the repository to GitHub or Gitee, including as a public repository, but never advises reviewing the codebase for secrets, personal data, tokens, API keys, test fixtures, or proprietary content before upload. In a skill package with many files and documentation, this omission materially increases the chance of accidental data exposure when a user follows the guide verbatim.

Vague Triggers

Medium severity, 91% confidence
Finding
The trigger conditions are broad enough to activate on generic mentions of legal topics such as '律师' (lawyer), '案例' (case), or '纠纷' (dispute), which can cause the skill to engage without clear user intent. In a legal-advice context, unintended invocation is more sensitive than usual because the skill may solicit or process personal case details and produce quasi-professional guidance when the user did not explicitly request this workflow.

Missing User Warnings

Medium severity, 92% confidence
Finding
The code sends user-supplied dispute details and case facts to an external case-search API without any visible consent, minimization, or warning. In a legal-assistant context, those inputs can contain highly sensitive personal, financial, employment, family, or litigation information, so silent transmission to third parties creates a meaningful privacy and confidentiality risk.

Missing User Warnings

Medium severity, 85% confidence
Finding
The skill persists potentially sensitive user-submitted legal case data and user identifiers to local JSON files without any consent flow, minimization, retention control, or access protection. In this context, submissions may contain personal, legal, and evidentiary details, so storing them in plaintext on disk increases the risk of privacy exposure, accidental disclosure, and unauthorized local access.

Missing User Warnings

Medium severity, 94% confidence
Finding
The document promotes compensation-estimation outputs for legal disputes and shows concrete monetary calculations without clearly warning that these results are only preliminary, non-authoritative references. In a legal-assistance context, users may rely on these estimates when making settlement, litigation, or employment decisions, which can lead to financial harm or poor legal choices if the formulas are incomplete, jurisdiction-specific, or fact-sensitive.

Vague Triggers

Medium severity, 92% confidence
Finding
The skill maps broad everyday terms like '网购' (online shopping), '假货' (counterfeit goods), '离婚' (divorce), and '借款' (loan) directly to legal categories without defining trigger boundaries, exclusions, or confirmation steps. This can cause accidental invocation or misclassification of casual user text as a legal request, which is risky in a legal-assistance context because it may prompt collection of sensitive case details or generate inappropriate legal guidance from ambiguous input.

Missing User Warnings

Medium severity, 88% confidence
Finding
The skill encourages users to submit detailed dispute narratives, identities, salary, family, and financial information, but does not present a clear upfront privacy and sensitive-data handling warning before those examples and prompts. In a legal context, this increases the chance that users will disclose highly sensitive personal and case data without understanding minimization, retention, or redaction expectations.

Missing User Warnings

Medium severity, 95% confidence
Finding
The release notes promote real-time external case retrieval and local/Redis caching, but do not disclose that user legal queries may be transmitted to third-party services and stored locally for later reuse. In a legal-assistant context, queries can contain highly sensitive personal, employment, family, or dispute details, so undisclosed sharing and caching creates meaningful privacy and confidentiality risk.

Missing User Warnings

Low severity, 89% confidence
Finding
The configuration instructions tell users to place API keys in config.json but omit basic credential-handling guidance such as keeping the file out of version control, restricting file permissions, and avoiding sharing screenshots or backups containing secrets. This increases the chance of accidental key leakage, which could lead to unauthorized API use, quota exhaustion, and billing exposure.

Missing User Warnings

Medium severity, 95% confidence
Finding
The document states that the skill will query external APIs and use local caching, but it does not clearly disclose that user-provided case descriptions may be transmitted to third-party services and stored locally. In a legal-assistant context, user inputs are likely to contain highly sensitive personal, employment, financial, or dispute details, so lack of explicit notice and consent creates a meaningful privacy and data-handling risk.

Missing User Warnings

Medium severity, 88% confidence
Finding
The document recommends a user-contributed case intake feature as part of the data acquisition strategy, but it does not mention consent collection, personal-data screening, upload restrictions, or moderation controls. In a legal-assistant context, user-submitted case materials may contain sensitive personal information, court records, or confidential documents, so omitting privacy guidance can lead to unauthorized collection, retention, or disclosure of personal data.

Missing User Warnings

Low severity, 80% confidence
Finding
The instruction to register for OpenLaw and obtain an API key is not inherently unsafe, but the document provides no warning about secure storage, restricted scope, or avoiding hardcoding/secrets leakage. In practice, teams often copy such guidance directly into implementation work, which can result in API keys being embedded in source files, logs, or client-side code and then abused by others.
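The three credential and publishing findings above (publish to GitHub/Gitee without a secrets review, API keys in config.json with no handling guidance, and the OpenLaw key with no storage guidance) share one practical fix: a gate that runs before a push. The following is an added example written for this audit page, not code from the Lawyer Assistant skill or from SkillSpector. It assumes the package keeps provider keys in a config.json at the repository root and is published as a git repository; the regex shapes, the fixture files and the 30-day-style policy names are constructed for illustration. It reports secret-shaped strings and PRC-style identifiers in any text file, whether config.json is gitignored and owner-only, and whether config.json still carries a live key.

```python
"""Pre-publish gate for a skill package (added example, not the audited skill's code).
Assumes the package keeps provider keys in config.json at the repo root and is
pushed as a git repository; file names and patterns are assumptions."""
import json
import os
import re
import stat
import tempfile
from pathlib import Path

# Shapes of secrets, and of personal data that legal case fixtures tend to carry.
# Constructed for illustration; a real gate should also run a maintained scanner.
SECRET_PATTERNS = {
    "generic_api_key": re.compile(
        r"(?i)(?:api[_-]?key|secret|token)['\"]?\s*[:=]\s*['\"]?[A-Za-z0-9_\-]{16,}"),
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}
PII_PATTERNS = {
    "cn_id_number": re.compile(r"\b\d{17}[\dXx]\b"),   # 18-digit PRC ID number
    "cn_mobile": re.compile(r"\b1[3-9]\d{9}\b"),       # 11-digit PRC mobile number
}
SKIP_DIRS = {".git", "node_modules", "__pycache__", ".venv"}
IS_POSIX = os.name != "nt"


def scan_text(text: str) -> list[str]:
    """Names of the secret/PII patterns present in one file's text."""
    return [name for name, pat in {**SECRET_PATTERNS, **PII_PATTERNS}.items() if pat.search(text)]


def gitignore_covers(lines: list[str], filename: str) -> bool:
    """True if a .gitignore (given as lines) lists the file by name or by a '*' suffix glob."""
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.lstrip("/") == filename or (line.startswith("*") and filename.endswith(line[1:])):
            return True
    return False


def prepublish_report(root: Path) -> dict:
    """Collect everything that should block a public push of the package."""
    root = Path(root)
    report: dict = {"secret_hits": {}, "config_issues": []}
    for path in root.rglob("*"):
        if any(part in SKIP_DIRS for part in path.parts) or not path.is_file():
            continue
        try:
            text = path.read_text(encoding="utf-8")
        except UnicodeDecodeError:
            continue  # binary file; out of scope for a regex scan
        hits = scan_text(text)
        if hits:
            report["secret_hits"][path.relative_to(root).as_posix()] = hits
    cfg = root / "config.json"
    if cfg.is_file():
        gi = root / ".gitignore"
        gi_lines = gi.read_text(encoding="utf-8").splitlines() if gi.is_file() else []
        if not gitignore_covers(gi_lines, "config.json"):
            report["config_issues"].append("config.json is not listed in .gitignore")
        if IS_POSIX and cfg.stat().st_mode & (stat.S_IRGRP | stat.S_IROTH):
            report["config_issues"].append("config.json is readable by group/others; chmod 600 it")
        try:
            for key, value in json.loads(cfg.read_text(encoding="utf-8")).items():
                if isinstance(value, str) and value and re.search(r"(?i)key|token|secret", key):
                    report["config_issues"].append(
                        f"config.json carries a live value for '{key}'; load it from the environment instead")
        except (json.JSONDecodeError, AttributeError):
            report["config_issues"].append("config.json is not a JSON object")
    report["safe_to_publish"] = not report["secret_hits"] and not report["config_issues"]
    return report


def demo() -> dict:
    """Scan a constructed package layout in a temporary directory (not real project files)."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "config.json").write_text(json.dumps(
            {"openlaw_api_key": "sk-live-0123456789abcdef0123", "cache_dir": "./cache"}), encoding="utf-8")
        (root / "data").mkdir()
        (root / "data" / "cases.json").write_text(
            '{"party_phone": "13812345678", "party_id": "110101199001011234"}', encoding="utf-8")
        (root / "README.md").write_text("# Lawyer Assistant\nRun: python main.py\n", encoding="utf-8")
        return prepublish_report(root)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2, ensure_ascii=False))
```

Wire it into a pre-push hook or CI job and refuse to publish while safe_to_publish is false; the regex set is deliberately small, so treat it as a floor under a maintained secret scanner rather than a replacement for one.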

Missing User Warnings

Medium severity, 90% confidence
Finding
The report describes local caching and usage statistics but does not disclose that user queries and activity metadata may be stored locally. In a legal-assistant context, search terms can reveal sensitive legal issues, client matters, or personal data, so silent retention creates privacy and compliance risk.

Missing User Warnings

Medium severity, 94% confidence
Finding
The skill recommends routing searches to external platforms without warning that user queries will be transmitted to third-party services. Because the domain is legal research, those queries may contain confidential case details, names, disputes, or strategy-related information, increasing privacy, confidentiality, and regulatory exposure.

Vague Triggers

Medium severity, 89% confidence
Finding
The documented trigger phrases for case submission are broad natural-language utterances such as '我有个案例要贡献' (I have a case to contribute) and '贡献案例 <案例信息>' (contribute case <case details>), without clear confirmation or command boundaries. In a conversational legal assistant, this can cause accidental activation during ordinary discussion, leading users to disclose sensitive case facts unintentionally into a contribution pipeline.

Missing User Warnings

High severity, 96% confidence
Finding
The release notes encourage users to submit '真实案例' (real cases) and personal litigation experiences, but do not clearly disclose how submitted data will be used, displayed, retained, shared, or whether it may become visible to other users. In a legal-assistance context, this creates a serious privacy and compliance risk because users may submit sensitive facts, court details, and personal history under the mistaken assumption that the data is only used privately or transiently.

Missing User Warnings

Medium severity, 86% confidence
Finding
The release notes describe using user-contributed cases, external API data, and displaying lawyer contact details, but they do not clearly explain the privacy risks of ingesting third-party/user-submitted data or the consequences of initiating contact with recommended lawyers. In a legal-assistance context, users may disclose highly sensitive personal and case information, so vague privacy language can lead to unintended exposure, profiling, or sharing of regulated personal data.

Missing User Warnings

Medium severity, 92% confidence
Finding
The release notes state that law firm data comes from 'public information + user submissions' and is only 'periodically verified,' but provide no warning that addresses, websites, and related details may be outdated, inaccurate, or privacy-sensitive. In a legal-assistance context, users may rely on this information to contact firms or make decisions, so missing disclosure increases the risk of misinformation, misdirection, and unintended exposure of personal or third-party data.

Missing User Warnings

Medium severity, 92% confidence
Finding
The document promotes legal-analysis capabilities including win-rate statistics, lawyer recommendations, law-firm addresses, AI Q&A, document generation, and online consultation, but it does not include any warning that outputs may be incomplete, jurisdiction-specific, or unsuitable as a substitute for qualified legal advice. In a legal-decision context, users may over-rely on generated guidance for disputes, filings, settlement decisions, or compliance actions, creating real risk of harmful or incorrect action.

Vague Triggers

Medium severity, 90% confidence
Finding
The documented trigger phrases use very generic natural-language commands such as “评价 …” (rate …) and “查看评价统计” (view rating statistics), which can overlap with ordinary conversation and cause unintended invocation of the rating workflow. In a legal-assistant context, accidental collection of ratings or disclosure of aggregate statistics can confuse users, pollute analytics, and create unintended data capture during sensitive interactions.

Missing User Warnings

Medium severity, 83% confidence
Finding
The document describes storing rating records, statistics, IDs, and ongoing analysis of user feedback, but the privacy notice is high-level and does not clearly state retention, consent flow, access controls, or how free-text feedback is handled. Because this is a lawyer-assistant skill, users may include sensitive case-related details in ratings, so weak notice and incomplete data-handling controls increase privacy and compliance risk.

Vague Triggers

Medium severity, 92% confidence
Finding
The skill exposes very generic trigger phrases such as '评价…' (rate…), '查看满意度趋势' (view satisfaction trend), and '查看评价标签' (view rating tags) without defining clear activation boundaries, authorized roles, or contextual constraints. In an agent environment, overly broad triggers can cause unintended invocation, accidental processing of user-generated content, or unauthorized access to analytics/reply functions, especially where admin-only capabilities are mentioned alongside natural-language commands.

Missing User Warnings

Medium severity, 87% confidence
Finding
The document describes optional user notification and review-reply features but does not clearly disclose what user data is stored, who can view replies, whether notifications contain personal information, or how consent/retention is handled. This creates privacy and compliance risk because the feature may process or expose review content, identities, and interaction history without adequate transparency or safeguards.

Missing User Warnings

Medium severity, 88% confidence
Finding
The release notes repeatedly encourage users to submit detailed legal case descriptions, including names, employers, salary, dispute facts, and evidence, but provide no warning about handling sensitive personal or legal information carefully. In a legal-assistance context, this omission increases the likelihood that users will disclose highly sensitive data unnecessarily, which can create privacy, confidentiality, and compliance risks if the skill logs, stores, or forwards those inputs.

Missing User Warnings

Medium severity, 89% confidence
Finding
The document advertises '外部 API' (external API) and multi-platform integration for a legal-assistant skill handling potentially sensitive case facts, but provides no notice that user-submitted legal data may be sent to third parties or processed outside the local skill boundary. In a legal context, case descriptions often contain highly sensitive personal, employment, financial, or family information, so omission of disclosure and consent guidance creates a real privacy and compliance risk.

VirusTotal

65/65 vendors flagged this skill as clean.
