专利专业代理 / Patent Professional Agents

Security checks across malware telemetry and agentic risk

Overview

This patent assistant is mostly aligned with patent drafting, but it needs review because it can mine local work records, store learned patterns, install extra skills, run local converters, and send invention details to external search services without clear consent boundaries.

Install only if you are comfortable treating this as a patent drafting assistant, not legal advice. Before using it with confidential inventions, require confirmation before external searches, additional skill installs, file conversion, and learning/storage; avoid feeding it broad work-record directories; run the converter in an isolated environment; and verify any patent strategy with a qualified professional.
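The confirmation and scope boundaries recommended above can be enforced by the host that runs the skill rather than left to the skill's own prompt text. The following is an added example, not code from the skill or from SkillSpector: a small policy gate that confines file reads to declared roots (so a whole work-record store is never in scope), demands a fresh per-call confirmation for each side-effecting action (external search, skill install, document conversion, memory persistence) and records every decision in an audit trail. The action names, the `confirm` callback signature and the sample skill identifier are assumptions for illustration.

```python
"""Consent gate for an agent skill's side-effecting tools.

Added example; not the skill's code. Action names and the `confirm` callback are assumed.
"""
from dataclasses import dataclass, field
from pathlib import Path
from typing import Callable, Dict, List

# Tools whose effect leaves the local session or persists beyond it. Each call is confirmed
# afresh; there is deliberately no "remember my choice" so consent cannot silently widen.
NEEDS_CONFIRMATION = {"external_search", "install_skill", "convert_document", "persist_memory"}


class Denied(PermissionError):
    """Raised when policy blocks an action; the caller must not fall back to a weaker path."""


@dataclass
class Policy:
    read_roots: List[Path]                            # the only directories the skill may read
    confirm: Callable[[str, Dict[str, str]], bool]    # asks the user; True only on explicit approval
    audit: List[Dict[str, str]] = field(default_factory=list)


def within_read_scope(policy: Policy, path: str) -> Path:
    """Resolve `path` (collapsing '..' and symlinks) and require it under one of `read_roots`."""
    resolved = Path(path).resolve()
    for root in policy.read_roots:
        r = root.resolve()
        if resolved == r or r in resolved.parents:
            return resolved
    raise Denied(f"{path!r} is outside the read scope")


def gate(policy: Policy, action: str, args: Dict[str, str]) -> Dict[str, str]:
    """Decide whether `action` may run; every decision, allowed or denied, is audited.

    For confirmed actions the user sees exactly what will leave the machine or be written
    (the query text, the skill name, the output path) before answering.
    """
    entry = {"action": action, **{k: str(v) for k, v in args.items()}}
    try:
        if action == "read_file":
            within_read_scope(policy, args["path"])
            entry["decision"] = "allowed (in scope)"
        elif action in NEEDS_CONFIRMATION:
            if not policy.confirm(action, dict(args)):
                raise Denied(f"user did not approve {action}")
            entry["decision"] = "allowed (confirmed)"
        else:
            raise Denied(f"unknown action {action!r}")
    except Denied as exc:
        entry["decision"] = f"denied ({exc})"
        raise
    finally:
        policy.audit.append(entry)
    return args


if __name__ == "__main__":
    # Non-interactive demo: a scripted confirm that approves only external search.
    def scripted_confirm(action: str, args: Dict[str, str]) -> bool:
        print(f"confirm? {action} {args}")
        return action == "external_search"

    policy = Policy(read_roots=[Path("drafts")], confirm=scripted_confirm)
    print(gate(policy, "external_search", {"query": "rotor blade cooling channel"}))
    try:
        gate(policy, "install_skill", {"skill": "example-skill"})  # constructed name
    except Denied as e:
        print("blocked:", e)
    for line in policy.audit:
        print(line)
```

Because `gate` raises rather than returning a flag, a skill cannot accidentally proceed on a denial; the audit list is what a reviewer reads back to see which queries, paths and skill names the session actually touched.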

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (14)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
'-p', config_path
        ]
        
        result = subprocess.run(cmd, capture_output=True, text=True, timeout=60)
        
        os.unlink(mmd_path)
        os.unlink(config_path)
Confidence
84% confidence
Finding
result = subprocess.run(cmd, capture_output=True, text=True, timeout=60)
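The excerpt above shows the shape the finding flags: a subprocess call on generated files, followed by unconditional os.unlink calls that are skipped if subprocess.run raises (for instance on timeout), so temporary files can be left behind. As an added example, not the skill's own code, here is a hardened wrapper for the same job: the source path is confined to an allowed directory and refused if it looks like an option, the command is an argument list rather than a shell string, the child gets a minimal environment (no API keys from the agent's process) and a throwaway working directory, and cleanup is done by a context manager. The pandoc options are real pandoc flags, but pandoc is never executed here; run_tool is exercised with a harmless interpreter call, and the file names are constructed.

```python
"""Hardened shape for calling an external converter from an agent skill.

Added example, not the skill's own code. pandoc is never executed here; run_tool is
demonstrated with a harmless interpreter call.
"""
import os
import subprocess
import sys
import tempfile
from pathlib import Path
from typing import Dict, List, Optional


class UnsafeInput(ValueError):
    """A path or argument failed validation; the converter must not be invoked."""


def validate_source(path: str, allowed_root: str) -> Path:
    """Confine a source path to `allowed_root` and reject option-looking names.

    Paths reaching the converter come from the workflow, not necessarily the user, so
    '..' and symlink escapes are resolved away and a name beginning with '-' (which a CLI
    would parse as a flag) is refused.
    """
    root = Path(allowed_root).resolve()
    candidate = Path(path)
    if not candidate.is_absolute():
        candidate = root / candidate
    resolved = candidate.resolve()
    if resolved != root and root not in resolved.parents:
        raise UnsafeInput(f"{path!r} escapes allowed root {root}")
    if resolved.name.startswith("-"):
        raise UnsafeInput(f"{path!r} looks like a command-line option")
    if resolved.suffix.lower() != ".md":
        raise UnsafeInput(f"{path!r} is not a Markdown source")
    return resolved


def build_pandoc_cmd(src: Path, out_dir: Path) -> List[str]:
    """Build an argument list (never a shell string) for pandoc.

    Output goes to `out_dir`, a staging directory chosen by the host, instead of beside the
    source file, so nothing lands in the user's working tree until they accept it.
    """
    return [
        "pandoc",
        "--from", "gfm",
        "--to", "docx",
        "--output", str(out_dir / (src.stem + ".docx")),
        str(src),
    ]


def run_tool(cmd: List[str], timeout: float = 60.0, workdir: Optional[str] = None) -> Dict[str, str]:
    """Run an external CLI with shell=False, a bounded timeout, a minimal environment and a
    throwaway working directory. The temporary directory is removed by the context manager
    even when the call times out, unlike an unconditional os.unlink after subprocess.run.
    """
    # Only PATH and a locale reach the child: secrets in the agent's environment stay there.
    minimal_env = {"PATH": os.environ.get("PATH", "/usr/bin:/bin"), "LANG": "C.UTF-8"}
    with tempfile.TemporaryDirectory(prefix="skill-conv-") as tmp:
        try:
            proc = subprocess.run(
                cmd, cwd=workdir or tmp, env=minimal_env,
                capture_output=True, text=True, timeout=timeout, check=False,
            )
        except subprocess.TimeoutExpired:
            return {"status": "timeout", "returncode": "", "stdout": "", "stderr": ""}
        except FileNotFoundError:
            return {"status": "missing-tool", "returncode": "", "stdout": "", "stderr": ""}
    status = "ok" if proc.returncode == 0 else "failed"
    return {"status": status, "returncode": str(proc.returncode),
            "stdout": proc.stdout, "stderr": proc.stderr}


if __name__ == "__main__":
    # Demo without pandoc: validate a constructed path, show the command, run the interpreter.
    with tempfile.TemporaryDirectory() as root:
        draft = Path(root) / "draft.md"
        draft.write_text("# Claim 1\n")
        src = validate_source("draft.md", root)
        print(build_pandoc_cmd(src, Path(root) / "staging"))
        print(run_tool([sys.executable, "-c", "print('converter stub ran')"], timeout=10))
```

The returned dict carries a status rather than raising, so the calling skill can report "timeout" or "missing-tool" to the user instead of retrying with a looser command line; the validation errors, by contrast, are exceptions because a rejected path must never reach the converter.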

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The work-record mining feature expands the skill from user-invoked patent drafting into proactive scanning of a local memory directory and generating innovation notifications. This is dangerous because work logs can contain sensitive intellectual property, confidential project details, customer data, or trade secrets unrelated to the current request, which makes the feature a data-minimization and privacy risk. In a patent skill the risk is heightened because the data being mined is likely to be highly valuable IP.

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
The patent converter claims use of Pandoc and mermaid-cli, which implies external command execution that is not reflected in the declared dependencies or bounded permissions. Invoking external CLI tools on model-produced or user-supplied content exposes the environment to command injection wherever the command line is assembled from that content, to unsafe file writes, and to unexpected network or filesystem behavior. The mismatch between documented behavior and declared capability makes review and sandboxing harder.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The skill instructs the agent to discover and install additional ClawHub skills at runtime, which expands its capabilities beyond the reviewed and declared patent-search scope. This creates a supply-chain and permission-boundary risk because unvetted third-party skills could gain access to sensitive invention details, exfiltrate data, or perform unintended actions.

Vague Triggers

Medium
Confidence
79% confidence
Finding
Overly broad trigger phrases can cause the skill to activate on ordinary patent-related conversations without clear user intent. Because this skill includes file-handling, search, document generation, and potentially conversion behavior, accidental activation increases the chance of unnecessary data processing or use of higher-risk subcomponents. The broadness is more concerning here because the skill spans multiple agents and side-effecting workflows.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The Scenario 2 trigger examples are generic enough to overlap with normal requests for patent review, making unintended activation plausible. In a skill that can read paths, search external sources, and generate artifacts, accidental routing can expose sensitive draft content to tools or workflows the user did not explicitly request. The ambiguity therefore creates a real security and privacy risk, not just a UX issue.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The Scenario 3 activation phrases are broad and could trigger evaluation of agency reports or prior-art materials whenever the user casually asks for advice. Since these materials may contain confidential legal strategy and unpublished invention details, overly permissive activation can lead to unnecessary ingestion and processing of sensitive documents. The legal/IP context makes accidental activation more harmful than in a generic writing skill.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill states that it extracts technical points from work records but provides no warning that this may access sensitive local data. Work records commonly contain proprietary R&D, internal architecture, customer names, incident details, and unreleased inventions; mining them for patents could expose or repurpose confidential data without informed consent. In a patent-generation context, this is especially sensitive because it transforms internal records into monetizable IP outputs.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill explicitly auto-triggers document conversion after review passes and writes the resulting .docx into the same directory as the source .md files without requiring a fresh user confirmation. This creates a real safety issue because an agent can modify user files or clutter sensitive working directories unexpectedly, especially when operating on arbitrary paths supplied through the workflow.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill directs sending patent-search queries to external services and APIs without requiring notice, consent, or sanitization of confidential invention details. In a patent workflow, premature disclosure of technical concepts to third parties can create serious confidentiality, trade secret, and filing-strategy risks, making this context especially sensitive.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger conditions are open-ended and include events like discovering new skills or receiving API access, which can cause the skill to activate outside a narrowly scoped patent-drafting context. Because the skill persistently records observations and evolves reusable patterns, ambiguous activation increases the chance of collecting or acting on data the user did not expect to be stored.

Vague Triggers

Medium
Confidence
89% confidence
Finding
Stating that the skill 'automatically' extracts patterns without clear scope or consent signaling implies background collection from drafting sessions. In a patent context, session content may contain confidential invention details, strategy, or attorney work product, so automatic extraction materially raises privacy and confidentiality risk.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill describes building an accumulative knowledge base from session observations and user corrections but does not clearly warn users that their drafting content may be persistently stored. For patent workflows, this is especially sensitive because unpublished invention disclosures, search strategies, and edits may be confidential and commercially valuable.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
Mentioning patent database API access without warning about credential handling or third-party data transmission can lead users to expose API keys or confidential search terms without understanding the risk. In patent practice, even search queries can reveal strategic interests or unpublished invention areas to external services.

VirusTotal

65/65 vendors flagged this skill as clean.
