Chinese Patent Writer

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a Chinese patent drafting helper with overly broad activation wording, but no evidence of hidden execution, data theft, destructive behavior, or privileged access.

Install only if you want patent-drafting assistance, and invoke it explicitly for Chinese patent work. Be careful not to let it replace qualified legal review, especially before filing or disclosing invention details.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger list contains very generic terms such as patent-related nouns and phrases that are likely to appear in ordinary discussion, causing the skill to activate when the user did not clearly request this specialized workflow. This can override user intent, steer conversations into unsolicited legal-drafting behavior, and increase the chance that repository/code content is scanned or transformed in contexts where that was not intended.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The description prominently advertises a broad trigger phrase set without constraints, reinforcing accidental activation across common legal or technical conversations. In an agent setting, broad matching at the metadata layer can route user content into a high-impact drafting workflow that changes outputs and may process sensitive code unnecessarily.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal