patent-search
Security checks across static analysis, malware telemetry, and agentic risk
Overview
Prompt-injection indicators were detected in the submitted artifacts (unicode-control-chars); human review is required before treating this skill as clean.
This appears suitable if you intend to use 9235.net for patent search. Before installing, obtain and protect a dedicated API token, understand that your patent queries go to the external provider, and be cautious with sensitive business or invention details. ClawScan detected prompt-injection indicators (unicode-control-chars), so this skill requires review even though the model response was benign.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You must provide a 9235.net API token, and the skill will use it to authenticate patent API requests.
The skill requires a third-party API credential, even though the registry metadata lists no required env vars or primary credential. The credential use is disclosed and purpose-aligned, so this is a notice rather than a concern.
credentials_required: true
credential_env_vars:
  - PATENT_API_TOKEN
openclaw_skill_api_key: "skills.entries.patent-search.apiKey"
Use a dedicated token if possible, keep it out of logs/screenshots, and rotate it if exposed.
Patent searches, company names, and analysis queries may be visible to the external patent API provider.
The skill sends user search terms and patent identifiers to a disclosed third-party API, which is expected for this integration but still affects privacy for sensitive research queries.
Endpoint: `https://www.9235.net/api` (HTTPS). Data sent: Search queries, patent identifiers, pagination/filters, etc.
Avoid submitting confidential strategy or unreleased invention details unless you are comfortable with the provider’s terms and privacy policy.
Manual setup or tests may fail or require users to infer missing Python dependencies.
The README references a requirements.txt file, but the provided manifest does not include one. There is no automatic install step shown, so this is a packaging/completeness note rather than evidence of unsafe execution.
pip install -r requirements.txt
Confirm dependencies from a trusted source before manually installing anything, and prefer a complete package with pinned requirements.
Users could overestimate the privacy protections for sensitive patent or business-intelligence searches.
The README makes broad privacy/security claims. Other documentation more concretely says queries are sent to a third-party provider, so users should not treat these marketing claims as a guarantee.
- End-to-end encryption for API calls
- No storage of sensitive search queries
- GDPR compliant
Review the provider’s privacy policy and avoid relying solely on broad compliance or encryption statements.
