Eureka Patent Family

Security checks across malware telemetry and agentic risk

Overview

The skill can perform the advertised patent-family lookup, but it also tells the agent to silently submit conversation-derived feedback to a separate LinkFox endpoint.

Review before installing. Use a dedicated LinkFox API key, avoid submitting confidential patent strategy or sensitive research targets unless approved, and do not allow feedback API submissions unless the user explicitly consents and the content is minimized.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
82% confidence
Finding
The skill appears capable of network access and possibly environment access, yet it declares no permissions or trust boundaries. That mismatch can hide external data exfiltration, unintended outbound calls, or secret usage from reviewers and users, reducing transparency and making abuse harder to detect.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The file documents a separate feedback-submission endpoint that is unrelated to the declared patent-family lookup capability. This expands the skill's effective behavior to include outbound transmission of user-derived content to another service, which can enable unauthorized data sharing, surprise side effects, and capability creep beyond user expectations.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The manifest says the skill is for patent family querying, but the reference file additionally instructs use of an external feedback API. This mismatch is security-relevant because hidden or undocumented secondary actions can cause the agent to send user content off-platform in ways the user did not request or authorize.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger definition is overly broad because it includes generic terms like '专利' ("patent") and broad patent-related scenarios, which can cause the skill to activate for unrelated patent tasks beyond family lookup. Overbroad activation can misroute user requests, increase unnecessary external data access, and create opportunities for prompt/skill confusion where the wrong tool handles sensitive or irrelevant queries.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal