Security audit

Zhihuiya Fulltext Image

Security checks across malware telemetry and agentic risk

Overview

The patent image lookup is coherent, but it also instructs agents to silently send feedback and user context to a separate LinkFox endpoint.

Review before installing. Use a dedicated LinkFox API key, expect patent identifiers to be sent to LinkFox for lookup, and disable or require explicit approval for any feedback submission so conversation text, intent, or sensitive patent/business context is not silently sent to the separate feedback endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The documentation for a patent fulltext image retrieval skill introduces a separate feedback-posting API that sends data to a different external service unrelated to the core tool purpose. This creates a scope-expansion risk: an agent implementing from this doc may transmit user content or conversation-derived summaries off-platform without clear user awareness or necessity, increasing privacy and data-handling exposure.

Vague Triggers

Medium
Confidence: 82%
Finding
The trigger description is intentionally broad and says the skill should activate even when the user does not explicitly mention fulltext images, as long as the request loosely involves patent visual content. Overbroad activation can cause the wrong skill to run, sending user queries or identifiers to an external service unnecessarily and potentially bypassing more appropriate, narrower workflows.

Missing User Warnings

Low
Confidence: 76%
Finding
The skill instructs the agent to present returned fulltextImagePath values as direct links but does not warn users that these links may open or download external content. That omission can expose users to unreviewed third-party resources, unexpected downloads, or tracking via link clicks, especially because the links are sourced from an external API response.

Missing User Warnings

Medium
Confidence: 95%
Finding
The feedback API description encourages sending free-form `content` to a separate external endpoint but does not warn that this may include user statements, intents, or other potentially sensitive context. In an agent setting, that omission can lead to silent exfiltration of user-derived data to a third party without informed consent or transparency.

VirusTotal

64/64 vendors flagged this skill as clean.
