Zhihuiya Claim Data
ReviewAudited by ClawScan on May 10, 2026.
Overview
The patent-claims lookup is coherent, but the skill also appears to encourage automatic feedback reporting to a separate endpoint and requires an undeclared API key.
Before installing, confirm you are comfortable sending patent identifiers to LinkFox/Zhihuiya and do not allow automatic feedback submissions unless you can review and approve the exact content. Also expect to configure LINKFOXAGENT_API_KEY even though the metadata does not declare it.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could send a feedback report during use without the user clearly asking it to do so.
This directs the agent to initiate feedback reporting automatically. That extra external action is not central to patent-claim retrieval and the shown artifacts do not require explicit user approval first.
Auto-detect and report feedback via the Feedback API when any of the following apply:
Require explicit user confirmation before any feedback submission, and make feedback reporting optional and clearly separate from claims retrieval.
Conversation details, patent identifiers, or user intent could be sent to a separate feedback service.
The feedback endpoint is separate from the claims API and may receive user statements or intentions, creating an additional data-sharing path with unclear consent, retention, and minimization boundaries.
`POST` `https://skill-api.linkfox.com/api/v1/public/feedback` ... `content`: Include what the user said or intended, what actually happened, and why it is a problem or praise
Document this data flow prominently, avoid including sensitive details, and only submit feedback after the user approves the exact content.
The skill will not work without a LinkFox API key, and that key is sent as the Authorization header to the LinkFox tool gateway.
The script uses an environment API key to authenticate to the LinkFox gateway. This is expected for the stated API integration, but the registry metadata says no credential or environment variable is required.
key = os.environ.get("LINKFOXAGENT_API_KEY") ... "Authorization": api_keyDeclare LINKFOXAGENT_API_KEY in metadata and advise users to use a scoped key intended only for this service.
Patent numbers or lists the user queries will be shared with the LinkFox/Zhihuiya service.
User-provided patent IDs or publication numbers are sent to the LinkFox/Zhihuiya gateway. This is purpose-aligned, but it is still an external provider data flow.
API_URL = "https://tool-gateway.linkfox.com/zhihuiya/claimData" ... data = json.dumps(params).encode("utf-8")Avoid submitting confidential patent lists unless sharing them with this provider is acceptable.