clawtip-invention-patent

Security checks across malware telemetry and agentic risk

Overview

This paid patent-drafting skill is mostly transparent about its purpose, but it sends sensitive invention details and payment credentials to an external service over plain HTTP.

Review before installing. Use this only if you trust the publisher, the clawtip payment skill, and the listed service operator; avoid submitting unpublished or commercially sensitive invention details until the service uses HTTPS and the payment dependency/source are verified.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (5)

Tainted flow: 'req' from os.environ.get (line 22, credential/environment) → urllib.request.urlopen (network output)

Critical

Category: Data Flow
Content: method="POST", ) try: with urllib.request.urlopen(req, timeout=60) as resp: body = json.loads(resp.read().decode("utf-8")) except urllib.error.URLError as e: raise RuntimeError(f"网络请求异常，请确认服务地址 {CREATE_ORDER_URL} 可达: {e}") from e
Confidence: 95% confidence
Finding: with urllib.request.urlopen(req, timeout=60) as resp:

Tainted flow: 'req' from os.environ.get (line 26, credential/environment) → urllib.request.urlopen (network output)

Critical

Category: Data Flow
Content: method="POST", ) try: with urllib.request.urlopen(req, timeout=120) as resp: body = json.loads(resp.read().decode("utf-8")) except urllib.error.URLError as e: print("PAY_STATUS: ERROR")
Confidence: 93% confidence
Finding: with urllib.request.urlopen(req, timeout=120) as resp:

Context-Inappropriate Capability

Low

Confidence: 82% confidence
Finding: Allowing the remote service base URL to be overridden by environment variable gives the runtime a hidden network redirection capability unrelated to the user-facing patent-writing purpose. In context, that makes it easier to repoint the skill to arbitrary infrastructure, which can enable data exfiltration, malicious response injection, or abuse of the agent's network access.

Missing User Warnings

Medium

Confidence: 79% confidence
Finding: The script sends the user's question, which is described as invention themes or invention highlights, to a remote server without any user-facing disclosure in the script itself about external transmission, confidentiality implications, or data handling. In the patent-drafting context, this is sensitive because premature disclosure of invention details can create legal, business, and privacy risks if the remote service is untrusted or compromised.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The code transmits sensitive user inputs and a payment credential to a remote endpoint, and the default endpoint uses plain HTTP rather than HTTPS. In this skill context, those fields are directly tied to paid service fulfillment, so interception, replay, or collection by an unintended endpoint could expose user data and payment-related secrets and compromise downstream service access.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal