Google SERP Patents Search API

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward helper for querying a Just Serp API patent-search endpoint with a user-provided API key.

Install only if you are comfortable sending patent search queries and filters to Just Serp API and using a JUST_SERP_API_KEY for authentication. Avoid putting secrets or unrelated private data into the search parameters.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: This code constructs and sends an HTTP request to an external service, including user-provided patent search parameters in the URL and an API credential in the X-API-Key header. While the behavior is core to the skill, there is no visible confirmation prompt, print/log disclosure, or comment/docstring in this file warning that user input will be transmitted to a third-party API.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal