Solution Case Finder

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill is purpose-aligned but should be reviewed because it can send potentially confidential engineering problem descriptions to an external Patsnap MCP service without a clear consent or privacy warning.

Install only if you are comfortable sending technical problem descriptions to the configured Patsnap MCP endpoint. Avoid including trade secrets, unreleased product details, customer data, or sensitive patent strategy unless your organization has approved that endpoint and data handling.

SkillSpector (3)

By NVIDIA

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The trigger list is unusually broad and includes generic phrases like 'technical problem', 'engineering problem', and 'how others solved', which can cause the skill to activate during ordinary technical conversations that were not intended to invoke this external-case lookup flow. That increases the chance of unintended tool use, unnecessary data sharing to the MCP endpoint, and user confusion about why patent-derived case retrieval was invoked.

Natural-Language Policy Violations

High

Confidence: 88% confidence
Finding: The skill mandates English-only output and internal translation without user opt-in, which can override user language preferences and silently transform technical meaning. In a security-sensitive or high-precision engineering context, this can introduce ambiguity, mistranslation of constraints, and loss of important nuance before the MCP query is made.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The document instructs clients to send a user's technical problem description directly to an external MCP endpoint, but it does not include any warning, consent requirement, or data-handling guidance. Because technical problem descriptions can contain confidential product, R&D, or customer information, this creates a realistic risk of unintended third-party data disclosure through normal use of the skill.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal