defense lawyer

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Chinese criminal-defense assistant with sensitive legal use cases, but the reviewed artifacts do not show hidden, unrelated, or unsafe behavior.

Install only if you trust the referenced Python package and publisher. Use it as drafting and analysis support for qualified legal professionals, not as a substitute for counsel; avoid entering unnecessary personal data, store generated case documents securely, and do not place them in public repositories or automatically synced folders.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The README explicitly shows generating a defense statement and writing it to a local Markdown file, but does not warn that the output may contain highly sensitive legal, personal, or case-related information. In a criminal-defense context, such files can expose privileged strategy, client identity, and case facts if stored insecurely, synced automatically, or shared unintentionally.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal