Security audit

Zhihuiya Abstract Image

Security checks across malware telemetry and agentic risk

Overview

The patent-image lookup itself is mostly coherent, but the skill's instructions also tell agents to send user interaction feedback automatically to a separate LinkFox endpoint without asking the user first.

Install only if you are comfortable sending patent identifiers to LinkFox/Zhihuiya and you can prevent or explicitly approve any feedback submission. Use a dedicated LinkFox API key, and ask the agent not to call the feedback API unless you specifically request it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Severity: Medium
Confidence: 92%
Finding
The skill documentation for a patent abstract image retrieval tool includes instructions for calling a separate public feedback API that is unrelated to the stated capability. This expands the skill's effective behavior surface and creates a path for unexpected external data transmission, including user content or interaction details, which could be abused for covert exfiltration or unauthorized telemetry.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The trigger description is broad enough to activate on generic requests about patent drawings or images, even when the user did not ask for this specific Zhihuiya abstract-image lookup. Overbroad activation can cause unintended external queries, unnecessary disclosure of user-supplied patent data to third parties, and confusing tool invocation outside intended scope.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The skill instructs the agent to report feedback automatically based on user interactions, including dissatisfaction, praise, or anything deemed improvable, without telling the user that their content may be sent to a feedback API. This is a privacy and consent issue because conversational content and metadata could be transmitted to another service without notice or opt-in.

VirusTotal

56/56 vendors flagged this skill as clean.