Back to skill

Security audit

Pharmaclaw Ip Expansion Agent

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent pharma IP analysis helper, but users should treat its external lookups and generated local files as sensitive.

Install only in a controlled project directory. Do not run it on confidential SMILES, targets, therapeutic strategy, or portfolio data unless your organization permits third-party patent/PubChem lookups. Protect generated files such as ip_portfolio.db, logs/ip_expansion.log, ip_report.md, and ip_viz.png, and enable any cron-style monitoring only with explicit intent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger language is very broad, covering common terms like IP, patent, novelty, prior art, therapeutics, and chaining with other agents. In a multi-agent environment, this can cause unintended activation on loosely related chemistry or legal discussions, leading to unnecessary network lookups, report generation, persistence to a portfolio DB, or cross-agent propagation of sensitive molecular data.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill explicitly promotes automatic chaining, spawned sub-sessions, autonomous cron checks, use of exec on scripts, and write operations without clear authorization boundaries. In an agentic runtime, this increases the risk of uncontrolled execution loops, unintended data sharing between agents, background activity, and persistent side effects from analysis tasks triggered without sufficiently specific user consent.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The agent sends user-supplied therapeutic terms and keywords to third-party services without any disclosure, consent gate, or data-classification check. In this skill's context, those inputs may encode confidential pipeline compounds, targets, or strategy, so external transmission can leak sensitive R&D and IP information even if the destination APIs are legitimate.

Missing User Warnings

Low
Confidence
80% confidence
Finding
The report generator writes analysis artifacts to disk automatically, which can leave sensitive molecular structures, infringement risk assessments, and novelty suggestions in local files without the user's awareness. In a pharma/IP workflow, such artifacts may contain proprietary research data and create unintended persistence or exposure through shared hosts, backups, or log collection.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.