ClawHub

Patent Writer Cn

Security checks across malware telemetry and agentic risk

Overview

This appears to be a China-focused patent and software-copyright drafting helper with some overbroad activation risk but no evidence of hidden, destructive, or privileged behavior.

Use this skill only when you want PRC-specific patent or software-copyright drafting help. Avoid sharing unnecessary confidential invention details, and have any filing-ready legal materials reviewed by a qualified IP professional in the relevant jurisdiction.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger list is very broad and includes common terms like '专利', '权利要求', and '申请材料清单', which can cause the skill to activate for general legal, documentation, or planning requests that may not actually require this specialized workflow. Over-broad activation can override user intent, push users into jurisdiction-specific patent/copyright guidance, and increase the chance of collecting unnecessary sensitive business or technical information.

Natural-Language Policy Violations

Medium
Confidence
82% confidence
Finding
The skill is explicitly scoped to Chinese patent and software copyright procedures, but the description and triggers do not require user opt-in or confirm that the user wants China-specific legal/filing guidance. If activated for users in other jurisdictions, it may provide incorrect legal process advice, misleading document structures, or inappropriate compliance steps, which is especially risky in an IP filing context.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal