Patent Scout
v1.0.1通过百度或Google Patents在线检索中国专利信息,支持关键词和专利号查询,输出结构化专利摘要和申请人等数据。
⭐ 0· 114·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description describe online patent search; the bundle includes a Node.js script (axios + cheerio) and CLI instructions to query Baidu/Google Patents which is exactly what's needed for that purpose. Dependencies and required binaries (Node/npm at runtime) are proportionate. Minor inconsistencies: package.json version is 1.0.0 while scripts and _meta.json reference 2.0.0 and registry metadata shows 1.0.1 — and SKILL.md's install path (cd internal/java/patent-scout) doesn't match the file layout. These look like packaging/editorial issues, not functional mismatches.
Instruction Scope
SKILL.md instructs running the included script with flags, using --proxy for Google Patents, and exporting results to a file — all within the patent-search scope. The instructions do not request or read unrelated system files, environment secrets, or non-user-provided credentials. The script performs network requests to external patent sites (expected for this skill).
Install Mechanism
No formal install spec in the registry (instruction-only), but package.json and package-lock.json are included and SKILL.md recommends npm install. Dependencies are standard (axios, cheerio, commander, https-proxy-agent) and package-lock entries reference the npmmirror registry (a common China npm mirror). Because there is no curated install spec, installing requires running npm install locally — which will fetch packages from the registry specified in package-lock.json.
Credentials
Skill declares no required environment variables or credentials. The code accepts a user-provided --proxy option (user-supplied) and sets a synthetic BAIDUID cookie header for requests — neither require secrets. There are no requests for unrelated tokens/keys and the script does not appear to read hidden config paths.
Persistence & Privilege
always is false and the skill does not request persistent or elevated system privileges. It writes output only to a user-specified file (if used). Autonomous model invocation is allowed (platform default) but not combined with any unusual privileges here.
Assessment
This skill appears to do what it claims: an npm/Node.js scraper for patent results from Baidu or Google Patents. Before installing or running it: (1) inspect the included scripts yourself (or run in an isolated environment) because npm install will fetch third‑party packages; (2) note small metadata inconsistencies (version numbers and an odd install path in SKILL.md) — not malicious but worth confirming you have the correct release; (3) be careful when using a proxy: provide only proxies you trust (an attacker-controlled proxy could see all traffic you send through it); (4) respect target sites' robots/TOS and throttle requests (SKILL.md already warns about rate limits); (5) if you need higher assurance, run npm install with a lockfile audit or use a sandbox/container to execute the tool.Like a lobster shell, security has layers — review code before you run it.
latestvk97568x7wv2rzg51zv1js4nkxd838g91
License
MIT-0
Free to use, modify, and redistribute. No attribution required.