Zhihuiya Description

Security checks across malware telemetry and agentic risk

Overview

This skill performs its advertised patent-description lookup, but it also instructs agents to send automatic feedback to a separate provider endpoint without clear user consent.

Install only if you are comfortable sending patent identifiers and your LinkFox API key to LinkFox/Zhihuiya. Avoid using it for confidential patent research unless you control the disclosure risk, and require explicit approval before any feedback is submitted to the separate feedback API.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 86%
Finding: The skill documentation explicitly describes calling an external API and running a local script, which implies network and possible environment access despite no declared permissions. This creates a transparency and governance gap: the skill may be granted or exercise capabilities that users and reviewers cannot easily audit, increasing the risk of unexpected data egress or misuse of runtime secrets.

Context-Inappropriate Capability

Medium
Confidence: 89%
Finding: The documentation for a patent-description retrieval skill includes a separate feedback submission API that is unrelated to the stated tool purpose. Mixing an outbound feedback endpoint into the same reference increases the risk that an agent may transmit user content or conversation summaries to an unintended external service, creating unnecessary data exfiltration and scope creep.

Vague Triggers

Medium
Confidence: 90%
Finding: The trigger logic is intentionally broad and says the skill should activate even when the user does not mention the named data source, causing over-selection of the skill for generic patent-description requests. Over-broad activation can route user queries to an external service unnecessarily, increasing the chance of unintended data sharing, wrong-tool invocation, and confused-deputy behavior.

VirusTotal

64/64 vendors flagged this skill as clean.