Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Google Patents

v1.2.0

Search Google Patents database for patent research, infringement risk checks, and competitive IP analysis. Use when user mentions: 专利, patent, 侵权, infringeme...

Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)

Purpose & Capability
The script implements Google Patents queries via SerpApi which matches the skill's stated purpose, but the registry metadata declares no required env vars while the SKILL.md says SERPAPI_API_KEY is required and the script embeds a default API key; this mismatch is unexpected and concerning.
Instruction Scope
SKILL.md and the script restrict behavior to calling SerpApi and downloading PDFs (expected). However, the runtime instructions expect an API key, but the script will silently use a hardcoded default key if SERPAPI_API_KEY is not set, which is scope creep (it uses a credential not declared in the registry and may route requests through the author's account).
Install Mechanism
Instruction-only skill with a small bash script; there is no install spec and nothing is written to disk beyond user-requested PDF downloads. No risky download/install behavior.
Credentials
Registry lists no required env vars but SKILL.md requires SERPAPI_API_KEY; the script reads SERPAPI_API_KEY but provides a hardcoded default API key value in the source. Embedding an API key in the script is disproportionate and risky (leaks credentials, routes requests/billing to that key).
Persistence & Privilege
always:false and the skill does not modify other skills or system-wide settings. It only writes files when downloading PDFs (user-specified).
What to consider before installing
Do not assume this is safe just because it calls a legitimate API. The script contains a hardcoded SerpApi API key (embedded in scripts/patents.sh) while the registry metadata does not declare required credentials — this is a red flag. Before installing: (1) ask the publisher to remove the embedded key and require users to supply their own SERPAPI_API_KEY (confirm the key in the repo is revoked/rotated), (2) ensure the skill manifest (registry metadata) is updated to declare the required env var, (3) if you must run it, run in a sandboxed environment and do not expose other credentials, and (4) consider creating and using your own SerpApi account to avoid routing requests/billing through an unknown key. If the owner cannot or will not remove the embedded key, treat the skill as untrustworthy.
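
The fallback flagged above can be checked for mechanically. The following is an added example, not the skill's code (which this page does not show): it assumes the fallback is written as a `${VAR:-default}` expansion, uses constructed sample lines with a placeholder key, and the function names and the `MISSING_API_KEY` code are hypothetical.

```bash
# Constructed sample, not the skill's real source: one assumed way a script can
# read SERPAPI_API_KEY yet silently fall back to an embedded key.
sample_weak() {
cat <<'EOF'
API_KEY="${SERPAPI_API_KEY:-PLACEHOLDER_EMBEDDED_KEY}"
TIMEOUT="${PATENTS_TIMEOUT:-30}"
EOF
}

# The same lines written fail-closed: no default for the credential.
sample_hardened() {
cat <<'EOF'
: "${SERPAPI_API_KEY:?set SERPAPI_API_KEY to your own SerpApi key}"
API_KEY="$SERPAPI_API_KEY"
TIMEOUT="${PATENTS_TIMEOUT:-30}"
EOF
}

# Read a script on stdin and print "line:VARIABLE" for each ${VAR:-text} or
# ${VAR-text} expansion where VAR looks like a secret and the default is
# non-empty. Exit status 0 when something was found, 1 when the script is clean.
find_default_creds() {
  _hits=$(grep -nE '\$\{[A-Za-z0-9_]*(KEY|TOKEN|SECRET|PASSWORD)[A-Za-z0-9_]*:?-[^}]+\}' |
    sed -E 's/^([0-9]+):.*\$\{([A-Za-z0-9_]+):?-.*/\1:\2/')
  [ -n "$_hits" ] && printf '%s\n' "$_hits"
}

# Runtime guard for the script itself. The page says errors are JSON with
# "error" and "code" fields; MISSING_API_KEY is a hypothetical code.
require_serpapi_key() {
  if [ -z "${SERPAPI_API_KEY:-}" ]; then   # empty default: only tests presence
    printf '{"error":"SERPAPI_API_KEY is not set","code":"MISSING_API_KEY"}\n' >&2
    return 1
  fi
}

sample_weak | find_default_creds                      # 1:SERPAPI_API_KEY
sample_hardened | find_default_creds || echo "no credential defaults"
```

To audit a downloaded copy before running it, feed the file to the scanner: `find_default_creds < scripts/patents.sh`. Non-secret defaults such as the timeout are deliberately not reported.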


Latest version: v1.2.0. License: MIT-0. 456 downloads, 1 star, 3 versions. Updated 8h ago.

Google Patents

Search and retrieve patent data via SerpApi. Requires SERPAPI_API_KEY env var (free: 100/month at serpapi.com).

5 Commands

bash scripts/patents.sh search "keywords" [options]     # Search patents
bash scripts/patents.sh detail "US11734097B1"            # Basic info + claims
bash scripts/patents.sh fulltext "US11734097B1"          # Description full text
bash scripts/patents.sh full "US11734097B1"              # ALL data in one call
bash scripts/patents.sh pdf "US11734097B1" output.pdf    # Download PDF

Patent ID: short US11734097B1 or full patent/US11734097B1/en. Supports all countries: CN, US, EP, JP, KR, WO, DE, etc.

Search Options

--country US,CN,JP,WO,EP,KR    --status GRANT|APPLICATION
--type PATENT|DESIGN            --assignee "Company"
--inventor "Name"               --sort relevance|new|old
--after publication:20230101    --before publication:20251231
--num 10-100                    --page N
--language ENGLISH|CHINESE      --litigation YES|NO
--scholar                       --clustered

Boolean: "(massage) AND (glove OR mitt)" | Multi-term + CPC: "(pet grooming);(A01K13)"

What Each Command Returns

search: patent_id, title, snippet, assignee, inventor, dates, pdf, country_status
detail: title, abstract, claims[], inventors[], assignees[], classifications[], legal_events[], citations, similar_documents[], images[], pdf, family_id, worldwide_applications
fulltext: description full text (FIELD OF INVENTION, BACKGROUND, SUMMARY, DETAILED DESCRIPTION)
full: Everything from detail + description_full combined
pdf: Downloads PDF file to specified path

E-commerce Scenarios

# Infringement risk check (pre-listing must-do)
bash scripts/patents.sh search "product" --type DESIGN --country US --status GRANT

# Competitor patents
bash scripts/patents.sh search "category" --assignee "Company" --num 50

# Read claims to assess real risk
bash scripts/patents.sh full "USD975937S1"

# Download patent PDF for reference
bash scripts/patents.sh pdf "USD975937S1" ./patent.pdf

# Expired patents (free to use)
bash scripts/patents.sh search "tech" --before "filing:20040101"

# Latest trends
bash scripts/patents.sh search "tech" --sort new --after "publication:20240101"

# Litigation-prone patents
bash scripts/patents.sh search "product" --litigation YES --country US

Error Handling

All errors return JSON with error and code fields. No exceptions thrown.

Code                    Meaning
PATENT_NOT_FOUND        Patent ID doesn't exist (404)
AUTH_ERROR              Invalid/expired API key (401/403)
MAX_RETRIES_EXCEEDED    Network failure after 3 retries
NO_DESCRIPTION          Patent has no description text
PARSE_ERROR             HTML parsing failed
NO_PDF                  No PDF available
DOWNLOAD_ERROR          PDF download failed
MISSING_QUERY           No search query provided
MISSING_ID              No patent ID provided

Auto-retry: 3 attempts with exponential backoff (2s, 4s, 8s) on 429/5xx errors.
Rate limit: 1 second between requests to avoid triggering anti-scraping.
Timeouts: 10s connect, 30s max per request, 60s for PDF downloads.

FAQ

Q: Why are some fields empty? A: Different countries have different patent page formats. Some patents may have incomplete data, or the description may not be digitized.

Q: Can I batch-fetch patents? A: Yes, loop through IDs. Respect the 1s rate limit. Free tier = 100 calls/month. Cached results (same query within 1h) are free.

Q: How to get PDF? A: bash scripts/patents.sh pdf "US11734097B1" output.pdf

Q: Chinese vs English patents? A: Chinese pages (patent/CNxxxxxx/zh) have native Chinese content. English pages have machine-translated content. Use --language CHINESE for search.

Q: Patent ID formats? A: Country code + number + type suffix. Examples: CN106484775A, US20180232442A1, EP2264377A2, USD975937S1 (design), JP2020123456A.
