ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

patent-search

v1.0.7

Search, view and analyze patents directly in OpenClaw. Supports global patent databases with intelligent search and analysis features.

0· 233·0 current·0 all-time
by@windinwing
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The code and SKILL.md implement a patent-search client for the 9235.net API (search, details, downloads, analysis). Declared runtime requirements in SKILL.md (python3, requests, PATENT_API_TOKEN) align with that purpose. However, the packaged files include a config.json containing a filled-in token and multiple scripts that attempt to read a hardcoded OpenClaw user config path (/Users/xiaoxiao/.openclaw/openclaw.json). The latter is unexpected for a general skill (looks like a developer artifact) and shipping a config.json with a token is inappropriate.
!
Instruction Scope
SKILL.md's runtime instructions are normal for a CLI-style skill, but the code goes beyond the documented scope: several scripts (analyze_trend.py, trend_alternative.py, accurate_trend.py, analyze_applicant.py) try to read the host OpenClaw config at a specific user path to extract an apiKey. check_env.py enumerates and prints PATENT_* and OPENCLAW_* environment variables and will print partial token contents. Those behaviors are not declared in the top-level registry metadata or in the SKILL.md configuration instructions and constitute scope creep (reading user config and environment info that may contain secrets).
!
Install Mechanism
Registry shows 'No install spec' but SKILL.md contains an embedded metadata/install snippet that calls for pip installing requests (reasonable). However SKILL.md instructs running python3 setup.py and chmod ./setup.py which references a setup.py that is not present in the file manifest. The skill also includes a config.json with a populated token in the package — shipping credentials in the repo is a security/privacy concern. The SKILL.md's manual install uses 'pip3 install ... --break-system-packages' which is potentially disruptive on some systems.
!
Credentials
Top-level registry metadata reported no required env vars, but the SKILL.md metadata declares primaryEnv: PATENT_API_TOKEN. Several files expect the PATENT_API_TOKEN or read tokens from a config.json or from the user's OpenClaw config file. The included config.json contains a non-placeholder token value (appears real). Scripts print environment variables and partially expose token contents. Requesting/using a single PATENT_API_TOKEN is proportionate for this service — but the presence of an embedded token and code that reads arbitrary OpenClaw config paths / prints env vars is disproportionate and suspicious.
Persistence & Privilege
The skill is not marked 'always: true' and uses default model invocation behavior (allowed). It does not attempt to modify other skills or system settings in the manifest. However, because it can invoke network requests and the code will attempt to read local config and environment variables to locate tokens, autonomous invocation combined with the secret-leaking artifacts increases blast radius. This is a cautionary note rather than a policy violation by itself.
Scan Findings in Context
[unicode-control-chars] unexpected: Pre-scan detected unicode control characters in SKILL.md (prompt-injection pattern). This may indicate an attempt to obfuscate or manipulate prompts; not expected for a normal skill README.
What to consider before installing
What to consider before installing: - Do not trust the included config.json: it contains a filled-in API token. Treat that token as exposed and rotate/revoke it if it belongs to you. Prefer a config.json with a placeholder value instead. - The code contains hardcoded developer paths (/Users/xiaoxiao/.openclaw/openclaw.json) and will try to read your OpenClaw config for api keys. This is unexpected and could leak secrets; inspect/modify those read locations or remove those code paths before running in a sensitive environment. - check_env.py prints environment variables (including PATENT_* and some OPENCLAW_* vars). Avoid running that script on machines with sensitive env vars set. - SKILL.md references setup.py but the package manifest does not include setup.py — installation instructions appear inconsistent. Don't run install commands you don't understand (the manual install suggests --break-system-packages). - There's a pre-scan prompt-injection signal (unicode-control-chars) in SKILL.md. While not definitive, it warrants caution; inspect the raw SKILL.md for hidden characters. - If you want to use this skill: (1) remove or sanitize config.json, (2) replace any embedded token with placeholders, (3) search/neutralize code that reads /Users/xiaoxiao/... and code that prints env/config content, (4) run in an isolated environment (container/VM) and audit network calls to https://www.9235.net before providing real tokens. - If you cannot audit the code yourself, request a source/homepage or a trusted publisher and ask the author to remove hardcoded credentials and developer-specific paths prior to installation.

Like a lobster shell, security has layers — review code before you run it.

latestvk979q03k69ffecdcrvzdctgwbx833pmq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments