中国专利.Skill

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-aligned for patent drafting, but it deserves review because normal use can scan sensitive project files, run local shell tooling, and persist generated patent materials with some under-scoped safety controls.

Review before installing, especially on Windows or when handling confidential invention materials. Use a dedicated output directory, avoid processing untrusted DOCX/PPTX files, pin or upgrade dependencies such as mammoth to fixed versions, and prefer explicit invocation with user-confirmed input/output paths.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (12)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
*extra,
            ]
            cmd = " ".join(shlex.quote(p) for p in parts)
            r = subprocess.run(
                cmd,
                shell=True,
                capture_output=True,
Confidence
95% confidence
Finding
r = subprocess.run( cmd, shell=True, capture_output=True, text=True, timeout=180, )

Tainted flow: 'out_path' from os.environ.get (line 239, credential/environment) → pathlib.Path.write_text (file write)

Medium
Category
Data Flow
Content
os.environ.get("EPUB_RESULT_HTML", "").strip() or default_result_html_path()
    )
    out_path = out_path.expanduser().resolve()
    out_path.write_text(out_html, encoding="utf-8")
    print(
        "结果页长度",
        len(out_html),
Confidence
92% confidence
Finding
out_path.write_text(out_html, encoding="utf-8")

Vague Triggers

Medium
Confidence
90% confidence
Finding
The README advertises very broad natural-language triggers such as generic patent-mining and disclosure terms, which can cause the skill to activate during ordinary discussion rather than only on explicit user intent. In a skill that scans project files, performs web lookups, and writes outputs, accidental invocation increases the risk of unintended document processing, network access, and file creation.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README states that deliverables are written to local files with timestamped names and that revision logs are appended, but it does not prominently warn users that the skill stores potentially sensitive patent and project material on disk. For a patent-disclosure workflow handling confidential technical documents, silent persistence and modification can expose trade secrets or create compliance issues if users do not realize data is being retained locally.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The skill allows iteration mode to trigger on vague signals such as 'intent is obvious' or prior mention of a draft path, without a hard confirmation gate. In a skill that can read, edit, write files and invoke shell/network tools, ambiguous routing can cause the agent to modify the wrong disclosure, skip full re-analysis, or process unintended sensitive documents based on conversational context rather than explicit user approval.

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
The prompt content is written entirely in Chinese and directs the interaction flow in Chinese without offering a language-selection path or documenting why Chinese is required. This can exclude users who operate in other languages, increase misunderstanding of confirmation prompts, and reduce safe informed review before generating legal-technical content.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The prompt explicitly instructs the agent to write new timestamped .md/.docx files and maintain a revision log on disk, but it does not require explicit user confirmation or a user-facing warning before performing those filesystem modifications. In an agent environment, this can lead to unexpected persistent writes, artifact proliferation, and unintended retention of sensitive patent/disclosure content, especially because the log preserves user instructions and output filenames across iterations.

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Install when using tools/md_to_docx.py, docx_to_md.py, pptx_to_md.py, math_render.py
python-docx>=1.1.0
# Final-draft figures (mermaid → PNG) require Node: run npm install or npx in tools/, see tools/README.md
mammoth>=1.6.0
python-pptx>=0.6.21
Confidence
88% confidence
Finding
python-docx>=1.1.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Install when using tools/md_to_docx.py, docx_to_md.py, pptx_to_md.py, math_render.py
python-docx>=1.1.0
# Final-draft figures (mermaid → PNG) require Node: run npm install or npx in tools/, see tools/README.md
mammoth>=1.6.0
python-pptx>=0.6.21
matplotlib>=3.8.0
Confidence
90% confidence
Finding
mammoth>=1.6.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
python-docx>=1.1.0
# Final-draft figures (mermaid → PNG) require Node: run npm install or npx in tools/, see tools/README.md
mammoth>=1.6.0
python-pptx>=0.6.21
matplotlib>=3.8.0

# Optional: Step 5 CNIPA epub.cnipa.gov.cn scraping (Playwright; large, not listed in this file to avoid a full install by default)
Confidence
87% confidence
Finding
python-pptx>=0.6.21

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Final-draft figures (mermaid → PNG) require Node: run npm install or npx in tools/, see tools/README.md
mammoth>=1.6.0
python-pptx>=0.6.21
matplotlib>=3.8.0

# Optional: Step 5 CNIPA epub.cnipa.gov.cn scraping (Playwright; large, not listed in this file to avoid a full install by default)
#   pip install -r tools/requirements-cnipa.txt && python -m playwright install chromium
Confidence
85% confidence
Finding
matplotlib>=3.8.0

Known Vulnerable Dependency: mammoth — 1 advisory(ies): CVE-2025-11849 (Mammoth is vulnerable to Directory Traversal)

Low
Category
Supply Chain
Confidence
89% confidence
Finding
mammoth

VirusTotal

66/66 vendors flagged this skill as clean.