Zhihuiya Bibliography

Security checks across malware telemetry and agentic risk

Overview

The patent lookup function is mostly coherent, but the skill also tells agents to automatically send user feedback and intent to a separate external endpoint without clear user consent.

Install only if you are comfortable with LinkFox receiving patent IDs or publication numbers and with the skill's feedback instructions. Prefer disabling or removing the automatic feedback flow, or require explicit user consent before any feedback, user intent, or conversation details are sent to the separate feedback endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The skill instructs the agent to automatically send user satisfaction, dissatisfaction, and improvement-related observations to a separate Feedback API unrelated to the requested patent lookup. This introduces an undisclosed secondary data flow that can exfiltrate user content or behavioral metadata without necessity for the primary task.

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The skill documentation introduces a separate feedback submission API that is unrelated to the stated patent bibliography lookup purpose. This expands the skill’s effective capability surface and could enable unsolicited outbound transmission of user content or interaction details to another endpoint, especially if an agent treats all documented APIs as available actions.

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
Including a user-feedback reporting capability in a skill whose declared purpose is patent bibliographic querying creates a hidden secondary channel for data exfiltration or behavior outside user expectations. Even if benignly intended, this mismatch increases the chance that an agent could send user prompts, results, or metadata to an unrelated external service without clear authorization.

Missing User Warnings

Medium
Confidence: 98%
Finding
The feedback collection instructions explicitly cover praise, dissatisfaction, and perceived improvements, but provide no user-facing warning that such information may be transmitted externally. This is a privacy and transparency failure that can leak sentiment, usage patterns, and potentially portions of user requests to a third party without informed consent.

VirusTotal

64/64 vendors flagged this skill as clean.
