zhihuiya-patent-tracker

Pass. Audited by ClawScan on May 14, 2026.

Overview

This appears to be a legitimate patent-search skill, but it relies on a global mcporter CLI, Zhihuiya MCP servers, and a locally stored API key.

Install this only if you have an authorized Zhihuiya/PatSnap account and are comfortable sending patent-search queries to the configured MCP servers. Verify the mcporter package and MCP URLs, protect the API key in the local config file, and monitor any API quota or cost from broad searches.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using the skill may make several patent-database API calls per request, especially when expanding patent families.

Why it was flagged

The skill directs the agent/user to invoke local mcporter commands and MCP tools multiple times. This is central to the patent-tracking purpose and is disclosed, but users should expect external API/tool activity.

Skill content

Round 3 (patent family + batch detail retrieval) ... mcporter call 专利速览简报MCP.family ... mcporter call 医药情报MCP.ls_patent_fetch

Recommendation

Use it for intended patent-search tasks, and confirm broad searches if API quota, cost, or query confidentiality matters.

What this means

Anyone with access to the local mcporter config could potentially use the configured patent-data account.

Why it was flagged

The skill requires a Zhihuiya/PatSnap-style bearer API key in the mcporter configuration. This credential use is expected for the integrated service and is disclosed, but it is sensitive.

Skill content

"Authorization": "Bearer sk-xxxxxxxxxxxx" ... "Obtaining an API key": contact Zhihuiya sales or your enterprise administrator to enable access

Recommendation

Use an official, least-privilege API key; keep the config file private; and revoke or rotate the key if it may have been exposed.

What this means

The safety of the local CLI depends on the external mcporter package and npm supply chain.

Why it was flagged

The setup asks users to install a global npm CLI package, with no pinned version in the command. This is purpose-aligned and user-directed, but the package itself is outside the provided artifacts.

Skill content

npm install -g mcporter

Recommendation

Verify the mcporter package source before installing, prefer trusted/internal installation instructions, and keep Node/npm packages updated.

What this means

Target names, patent numbers, and search parameters may be visible to the configured Zhihuiya MCP service.

Why it was flagged

The skill configures remote MCP servers for patent search and related data retrieval. This is disclosed and aligned with the purpose, but user queries and patent identifiers are sent to those endpoints.

Skill content

"url": "https://connect.zhihuiya.com/096456/logic-mcp" ... "https://connect.zhihuiya.com/1458a4/mcp" ... "https://connect.zhihuiya.com/958a46/mcp"

Recommendation

Only submit confidential targets if your organization allows using this provider, and verify the MCP server URLs before adding credentials.