Zeelin Patent Retriever

Security checks across malware telemetry and agentic risk

Overview

This patent-search skill mostly matches its purpose, but it needs review because it uses Google Cloud credentials and does not strictly enforce the promised Google Patents BigQuery table scope.

Install only if you are comfortable using your Google Cloud project for BigQuery queries. Use a dedicated least-privilege service account, expect possible BigQuery charges and cloud-side query logging, set billing limits where possible, and review query_plan.json before execution, especially that table remains patents-public-data.patents.publications and that filters and limits match your intent.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill requires cloud credentials and sends user-supplied patent research queries to Google BigQuery, but it does not clearly disclose the privacy, data-handling, and billing implications of doing so. Users may unknowingly expose confidential search intent, sensitive technical topics, project identifiers, or incur cloud charges under their own account.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal