Zhihuiya Bibliography

Pass

Audited by ClawScan on May 10, 2026.

Overview

This appears to be a straightforward patent bibliography lookup skill, but it uses a LinkFox API key and sends patent queries to external LinkFox endpoints.

This skill looks safe to use for its stated patent lookup purpose. Before installing, make sure you are comfortable sending queried patent IDs or publication numbers to LinkFox/Zhihuiya, configure the API key securely, and do not submit feedback or extra context containing confidential information unless you intend to share it.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using the skill may run a local Python script to contact the patent lookup API.

Why it was flagged

The skill discloses a local helper script that may be run to perform the query. This is purpose-aligned and the provided script is a simple API client, but users should still notice that local code execution is part of the workflow.

Skill content

You can also execute `scripts/zhihuiya_bibliography.py` directly to run queries.

Recommendation

Allow the helper only when you intend to perform a patent lookup, and review the script if your environment treats local code execution as sensitive.

What this means

Anyone with access to the configured API key could use the associated LinkFox/Zhihuiya service access.

Why it was flagged

The integration uses a LinkFox API key from the environment for authorization. That is expected for this provider-backed lookup, but it is still credentialed access.

Skill content

Authentication: Header `Authorization: <api_key>`; the api_key is read from the environment variable `LINKFOXAGENT_API_KEY`

Recommendation

Store `LINKFOXAGENT_API_KEY` securely, avoid pasting it into chat, and prefer a scoped/rotatable key if available.

What this means

Patent numbers or internal patent IDs you query may reveal research or business interests to the external service.

Why it was flagged

Patent identifiers supplied to the helper are sent to the external LinkFox tool gateway. This is disclosed and necessary for the stated lookup purpose.

Skill content

API_URL = "https://tool-gateway.linkfox.com/zhihuiya/bibliography"

Recommendation

Use the skill only for patent identifiers you are comfortable sending to LinkFox/Zhihuiya, and avoid adding unrelated confidential context to query parameters.

What this means

If feedback is submitted, some details about the user's request or experience could be sent to a separate LinkFox endpoint.

Why it was flagged

The reference documentation includes a separate public feedback endpoint that could transmit user comments or intent if used. The provided script does not call this endpoint automatically.

Skill content

`https://skill-api.linkfox.com/api/v1/public/feedback` ... `content`: Include what the user said or intended

Recommendation

Submit feedback only with user awareness/consent and avoid including sensitive user or business details.