Back to skill

Security audit

Professional Patent Agents

Security checks across malware telemetry and agentic risk

Overview

This patent-assistant skill is mostly coherent, but it asks for broad learning/persistence over patent work, local work-record mining, and runtime skill installation without enough scoping or consent controls.

Review before installing. Use this only with invention details you are comfortable sending to search providers or patent APIs, disable or tightly scope continuous learning and memory/work-record mining unless you explicitly want it, do not let it install additional skills without review, and run document conversion as a non-root user in an isolated workspace.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (9)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
config_path = f.name
            cmd.extend(['-p', config_path])
        
        result = subprocess.run(cmd, capture_output=True, text=True, timeout=60)
        
        # 清理临时文件
        os.unlink(mmd_path)
Confidence
91% confidence
Finding
result = subprocess.run(cmd, capture_output=True, text=True, timeout=60)

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The documented behavior extends beyond patent drafting into proactive mining of local work records to discover inventions and generate notifications. Accessing general work logs can expose unrelated confidential business, personal, or source-code information, and the behavior is not clearly bounded to user-selected patent materials.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
Unsolicited access to a broad memory/ work-record directory for invention discovery violates least-privilege expectations and may process highly sensitive internal information without a clear task-specific need. In a patent context, this is especially risky because work logs often contain confidential R&D details, trade secrets, and client information.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to search ClawHub and install additional skills via shell commands before conducting prior-art research. This expands the trusted toolchain at runtime and introduces a supply-chain risk: a malicious or compromised skill could gain broader capabilities, exfiltrate data, or alter agent behavior beyond the patent-search task. The patent-search context does not require dynamic skill installation, so this materially increases risk.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill presents grant-rate predictions and recommendations such as whether to file, modify, or abandon without an explicit disclaimer that these outputs are estimates and not legal advice. In a patent workflow, users may over-rely on the agent’s quantified scores and recommendations for consequential business and legal decisions, increasing the risk of harmful unauthorized professional guidance.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs automatic creation of .docx files in the same directory as the source Markdown, but does not mention any user confirmation, preview, or warning before modifying the filesystem. In an agent setting, silent writes to user-supplied paths can lead to unintended file creation, overwriting of expected outputs, or writes into sensitive/shared directories if the input path is broad or attacker-influenced.

Missing User Warnings

Low
Confidence
89% confidence
Finding
The skill explicitly defines passing user-derived content to downstream agents but does not warn users that their ideas may be forwarded within a multi-agent workflow. In a patent-drafting context, user submissions may contain confidential, commercially sensitive, or pre-filing invention details, so undisclosed propagation increases privacy and confidentiality risk even if no external exfiltration is described.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger conditions are broad enough to cause the skill to activate on loosely related events such as user corrections, API availability, or discovery of external skills, which can lead to unintended learning and persistence of session-derived data. In a continuous-learning skill, ambiguous activation expands the collection surface and increases the chance that sensitive project, user, or workflow information is captured without clear user intent.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill explicitly states that it will automatically extract reusable patterns from patent drafting sessions and build an accumulative knowledge base, but it does not present an explicit warning, consent flow, retention policy, or data-boundary controls. Because patent drafting commonly involves confidential inventions, legal strategy, and proprietary search patterns, silent persistence can create significant confidentiality, privacy, and cross-project data leakage risks.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.