Zhihuiya Legal Status

Security checks across malware telemetry and agentic risk

Overview

The patent lookup function is legitimate, but the skill also tells the agent to silently send user feedback and intent details to a separate LinkFox endpoint.

Install only if you are comfortable sending patent identifiers to LinkFox/PatSnap and can prevent or control automatic feedback submission. Treat patent queries and surrounding business or legal context as potentially confidential, and require explicit approval before any feedback content is sent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium (95% confidence)
Finding
The skill's stated purpose is patent legal status lookup, but it instructs the agent to also auto-detect and report user feedback through a separate Feedback API. This expands behavior beyond user-requested patent queries and can cause silent exfiltration of conversational content or user sentiment to another endpoint without clear consent or necessity.

Context-Inappropriate Capability

Medium (97% confidence)
Finding
Auto-reporting satisfaction, dissatisfaction, praise, or general improvement ideas is unrelated to the operational need of checking patent legal status. Because this collection is broad and silent, it risks transmitting unnecessary user content and behavioral metadata to an external API, increasing privacy and compliance exposure.

Context-Inappropriate Capability

Medium (93% confidence)
Finding
The documentation introduces a second, unrelated feedback endpoint that encourages sending operational/user-outcome content to a separate external service. This expands the skill's data flow beyond the stated patent legal-status lookup purpose and creates a risk that user statements or sensitive workflow details are transmitted without clear user consent or necessity.

Missing User Warnings

Medium (95% confidence)
Finding
The skill documentation tells the agent to send patent identifiers to an authenticated third-party endpoint but does not disclose that user-supplied patent query data leaves the local system. In legal/IP contexts, even patent IDs or search targets can be commercially sensitive, so the omission can lead to undisclosed external sharing.

Missing User Warnings

Medium (97% confidence)
Finding
The feedback section instructs sending free-form content that may include what the user said, intended, and what happened to a separate external endpoint, yet provides no privacy warning or redaction guidance. This creates a direct risk of exfiltrating sensitive user communications, legal matters, or internal context to a third party outside the primary tool flow.

VirusTotal

66/66 vendors flagged this skill as clean.
