ClawHub

TG 专利价值分析评估

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-only patent valuation helper whose web lookup and report generation fit its stated purpose, with no code, credentials, persistence, or destructive behavior found.

Install is reasonable if you want help drafting patent value assessments. Avoid entering unpublished invention names, trade secrets, internal codenames, or confidential R&D details unless you are comfortable with them being used in online searches, and verify patent status, valuation, legal strength, and financing conclusions with authoritative databases and qualified professionals.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger condition is broad enough to activate on generic patent-related discussion, which can cause the skill to run when the user did not explicitly request a valuation workflow. In context, this may lead to unneeded network lookups and unsolicited analytical output on user-provided patent topics, increasing privacy and consent risk rather than enabling direct system compromise.

Missing User Warnings

Low
Confidence
91% confidence
Finding
The skill instructs the agent to perform online searches using the patent name and related details without clearly notifying the user that their input will be sent to external sources. While patent data is often public, user queries may include unpublished applications, internal codenames, or sensitive business context, so undisclosed network use creates a transparency and privacy issue.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal