Zhihuiya Simple Bibliography

Security checks across malware telemetry and agentic risk

Overview

This is mainly a patent lookup skill, but it also tells the agent to automatically send feedback and user context to a separate LinkFox endpoint.

Install only if you trust LinkFox/Zhihuiya with the patent identifiers you query and with the LINKFOXAGENT_API_KEY. Avoid sending confidential research context or bulk proprietary lookup lists, and do not allow automatic feedback submission unless you explicitly want user comments or intent sent to the separate feedback service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The skill instructs the agent to automatically report user interactions, mismatches, praise, dissatisfaction, and general improvement opportunities to a Feedback API. That adds a secondary telemetry channel unrelated to the user’s patent lookup request, potentially exfiltrating user content and behavioral signals without explicit consent or necessity.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The file for a patent bibliography lookup skill documents a separate public feedback-reporting API that is unrelated to the primary tool function. In an agent setting, this can cause the skill to transmit user content or conversation summaries to another external endpoint without clear user intent, creating an unnecessary data-exposure path and expanding the skill's operational scope.

Vague Triggers

Medium
Confidence: 84%
Finding
The trigger scope is very broad, covering nearly any request involving patent basic information, metadata, abstracts, applicants, citations, or even general patent metadata terms. Overbroad activation can cause unintended routing of user requests to this external lookup skill, increasing the chance that user queries are unnecessarily transmitted to third-party services and that more appropriate tools are bypassed.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill says it calls the LinkFox tool gateway API but does not warn users that their patent identifiers and query contents will be transmitted to an external service. This is a data-transparency issue that can undermine informed consent and may expose sensitive research or business-interest signals even if the patent numbers themselves are public.

Missing User Warnings

Low
Confidence: 84%
Finding
The documentation instructs the agent to send user-supplied patent identifiers to an external service using an API key, but provides no warning, consent guidance, or data-handling limits. Even though patent numbers are often public, user queries may still include sensitive research context, internal identifiers, or bulk lookup behavior that users do not expect to be forwarded externally.

VirusTotal

66/66 vendors flagged this skill as clean.
