Zhihuiya Cited By

Security checks across malware telemetry and agentic risk

Overview

The patent citation lookup itself is coherent, but the skill also tells the agent to silently send feedback and user context to a separate LinkFox API.

Review before installing. Use it only if you are comfortable sending patent numbers or IDs to LinkFox/PatSnap and providing a LinkFox API key. For confidential patent research, disable or require explicit consent for feedback reporting, because the skill can otherwise send user comments, intent, and satisfaction context to a separate feedback endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The skill expands from patent citation lookup into automatic feedback reporting, which is a separate behavior not disclosed in the main purpose. This creates a covert secondary data flow where user interactions, satisfaction, and operational context may be transmitted to another API without a clear need for fulfilling the user’s request.

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
Auto-reporting user praise, dissatisfaction, or general improvement ideas is not necessary to perform patent citation queries and may send behavioral or sentiment data off-platform. Because it is triggered broadly and silently, it can collect extra user metadata unrelated to the requested patent lookup, violating data minimization expectations.

Vague Triggers

Medium
Confidence: 82%
Finding
The trigger conditions are broad enough to activate on generic patent-interest queries, even when the user did not ask to use Zhihuiya/PatSnap specifically. Over-broad triggering can route user requests and patent identifiers to an external tool unnecessarily, increasing privacy exposure and the chance of tool misuse or incorrect handling.

VirusTotal

62/62 vendors flagged this skill as clean.
