patent-disclosure

Security checks across malware telemetry and agentic risk

Overview

This is a coherent patent-disclosure drafting and Word-export skill, with some install and file-hosting risks users should understand before using it for confidential invention details.

Install only if you are comfortable with the skill installing python-docx when it is missing, and with generated disclosure files being saved under the server uploads path and exposed as download links. For confidential invention material, confirm the upload directory is private, access-controlled, and cleaned up, and prefer a pinned or preinstalled python-docx dependency in managed environments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
for cmd in commands:
    try:
        proc = subprocess.run(
            cmd,
            timeout=180,
            capture_output=True,
Confidence
92% confidence
Finding
proc = subprocess.run( cmd, timeout=180, capture_output=True, text=True, )

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill declares no permissions even though its documented behavior implies shell execution, local file reads/writes, and environment access via Python/importlib and package installation. This creates a transparency and policy-enforcement gap: operators and users cannot accurately assess what the skill can do, and hidden capabilities increase the risk of misuse if the export path or installer logic is abused.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The skill description frames the feature as a simple Markdown-to-Word export without tokens, but the documented behavior includes automatic third-party dependency installation and writing server-side files that are exposed through download URLs. That mismatch is dangerous because it hides supply-chain and data-exposure risks: runtime installs can execute untrusted package code, and generated documents may be accessible to unintended parties if URLs or storage are not properly isolated.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The skill is described as a local patent disclosure/export utility, but this file performs package installation via pip/uv, which is behavior outside the narrow stated purpose. That mismatch is security-relevant because users and reviewers may not expect networked dependency changes or subprocess execution from a document-export helper.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
Runtime package installation is not necessary to fulfill the core patent-disclosure templating/export function and introduces elevated risk. It can pull code from package indexes, alter the Python environment, and create a supply-chain exposure in contexts where the user expected offline or purely local document processing.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The file automatically attempts package installation without any user-facing confirmation or warning in this code path. Silent environment modification is dangerous in agent settings because it can violate least surprise, bypass operator review, and cause unwanted outbound access or system changes.

Unpinned Dependencies

Low
Category
Supply Chain
Content
python-docx>=1.1.0
Confidence
98% confidence
Finding
python-docx>=1.1.0

VirusTotal

53/53 vendors flagged this skill as clean.