AI Copyright Skill
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This instruction-only IP document skill appears coherent and benign, but users should scope confidential project materials, personal inventor/applicant data, and external prior-art searches carefully.
This skill is reasonable for drafting IP documents, but treat inputs as sensitive: select only intended project files, remove secrets and unnecessary personal data, review search queries before using external services, and approve any document-generation tooling the agent proposes to install or run.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private source code, technical disclosures, and inventor/applicant details may be included in the agent context and generated documents.
The skill expects project source materials and personal applicant/inventor details as context. That is aligned with the IP-document purpose, but these inputs can be confidential or personally sensitive.
Generate Chinese patent applications, software copyright registration materials, or technical disclosure reports from AI project code, research papers, and design docs... Confirm with user: path selection, tech topic, AI domain..., applicant info, inventor info, existing materials.
Provide only the files and personal details needed for the task, remove secrets/API keys, and review/desensitize generated documents before sharing or filing.
Confidential invention details could be exposed through search terms or documents used during prior-art research.
The skill explicitly calls for external prior-art searches. This is purpose-aligned, but search queries may reveal technical details to third-party services.
C1.1 Prior Art Search Online search 2-3 rounds: CNIPA patent DB, Google Patents, arXiv.
Use public-safe search summaries where possible, avoid including secrets or exact confidential implementation details in queries, and confirm before sending sensitive information to external services.
If the agent needs to install or invoke document-generation tooling, package provenance and local execution may matter.
The skill references document-generation libraries, while the registry says there is no install spec and no required binaries. No automatic installation is shown, so this is a setup/provenance note rather than a concern.
Phase F Word Output (docx-js, auto) Phase G Briefing PPT (python-pptx, patent default)
Approve any package installation or tool execution explicitly, and prefer trusted/pinned document-generation tools.