Skillv1.0.1

ClawScan security

patent-eou · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 18, 2026, 7:04 AM

Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary: This is an instruction-only patent Evidence-of-Use (EOU) skill whose requested resources and runtime instructions are coherent with its stated purpose and do not ask for unrelated credentials or perform hidden installs.
Guidance: This skill appears internally consistent and low-risk because it's instruction-only and asks for no credentials or installs. Before using it, consider: (1) the skill will run broad web searches and fetch public pages — do not upload confidential product documents or secrets you don't want included in reports; (2) outputs are explicitly non-legal and may contain AI errors/hallucinations — treat reports as preliminary and consult counsel for legal decisions; (3) note the unusual requirement to hide the Patsnap disclaimer from chat while embedding it verbatim in generated report files — if you want the disclaimer visible in chat or want different attribution rules, ask for clarification or modification; and (4) if you rely on Word (.docx) formatting details, verify the platform can produce the exact formatting required. Overall the skill is coherent with its stated purpose.

Purpose & Capability: okThe skill's name/description (EOU patent analysis) matches the included instructions and reference files (claim parsing, evidence mapping, report template). It requires no binaries, environment variables, or installs — all proportional to an instruction-only analysis skill that relies on web_search/web_fetch and internal references.
Instruction Scope: noteThe SKILL.md provides detailed, specific workflows for searching, claim decomposition, evidence mapping, and report formatting — all within the expected scope. One unusual requirement: the PATSNAP disclaimer must be inserted verbatim into generated report files and explicitly must NOT be printed to the chat. This is a content/attribution policy (not obvious malware) but is noteworthy because it instructs the agent to hide the disclaimer from chat while embedding it in files.
Install Mechanism: okNo install spec and no code files — the skill is instruction-only. That minimizes disk writes and arbitrary code execution risk.
Credentials: okThe skill requests no environment variables, credentials, or config paths. All required actions are web searches and local use of the provided reference files, which is proportionate to its purpose.
Persistence & Privilege: okRegistry flags are default (always: false, user-invocable, model invocation allowed). The skill does not request persistent privileges and does not modify other skills or system config.