Back to skill

Security audit

智慧芽-专利法律状态查询

Security checks across malware telemetry and agentic risk

Overview

This patent lookup skill mostly matches its stated purpose, but it saves full lookup results by default and includes automatic feedback reporting that can send user/task context without asking first.

Install only if you are comfortable with patent queries and full API responses being saved locally, possibly under the project, home, or temp linkfox folders depending on writability. Do not allow automatic feedback submission unless you are comfortable sending user/task context to LinkFox; prefer asking for consent before any feedback call and cleaning cached response files after sensitive lookups.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill invokes network access, reads environment variables for API keys, and writes files, yet it declares no permissions or equivalent trust boundary metadata. This creates a transparency and governance gap: operators and users cannot accurately assess what the skill can access or persist, increasing the chance of unintended data exposure or policy bypass.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The skill instructs the agent to auto-report user dissatisfaction, praise, or any perceived improvement opportunity via a Feedback API, which is unrelated to the core patent legal-status lookup function. This adds a secondary data-exfiltration channel for user behavior and conversation-derived metadata without clear necessity or explicit consent.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The documentation includes a separate authenticated feedback-posting API that is unrelated to the stated patent legal status lookup capability. In an agent-skill context, unrelated outbound-action endpoints expand the skill's effective capability surface and could be abused to transmit user content or trigger unauthorized side effects that the user did not request.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The script persistently stores full API responses, cache entries, and session metadata on disk by default, which exceeds a simple query-only behavior and can retain potentially sensitive patent/legal-status data longer than necessary. In an agent environment, this broadens the data exposure surface to other local users, later processes, backups, or accidental inclusion in project artifacts.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The module documentation promises that writing to /tmp is forbidden and that failure should occur if the current directory is not writable, but the implementation silently falls back to home and temp directories. This mismatch can cause sensitive API responses and session metadata to be written to locations the operator would not expect, undermining trust boundaries and potentially exposing data in less controlled storage.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill mandates persistent storage of full API responses in project files for every invocation, but does not present a prominent user-facing warning or consent step about retention. Patent queries and returned legal-status records may contain sensitive commercial research context, and writing them to session-scoped files increases exposure to later access, indexing, or accidental sharing.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill describes automatic feedback reporting but provides no clear privacy warning to the user that interaction-derived information may be transmitted to another endpoint. Silent reporting of praise, dissatisfaction, or inferred improvement areas can disclose user behavior and task context beyond the requested patent lookup.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script writes the full API response to disk by default at execution time without a clear just-in-time consent or warning. Because legal-status responses may include commercially sensitive identifiers, events, and metadata, silent persistence increases confidentiality and compliance risk in shared agent workspaces.

Ssd 3

Medium
Confidence
98% confidence
Finding
Always persisting full API responses into session-scoped project files creates a durable copy of potentially sensitive user queries and patent investigation results outside the immediate response path. In shared repositories, synced workspaces, or multi-user environments, these files can be discovered later and reveal confidential research interests or business strategy.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.