Patent Scout

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward patent-search skill, with the main caveat that Baidu results are heuristic web-search results rather than authoritative patent records.

Before installing, review the npm dependencies and remember that Baidu-derived results may be incomplete or inaccurate. Avoid searching confidential invention details unless you are comfortable sending them to Baidu, Google Patents, and any proxy you configure, and verify important patent facts against an authoritative patent database.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Description-Behavior Mismatch

Medium

Confidence: 93% confidence
Finding: The Baidu path does not query a patent-specific source; it scrapes general Baidu web search results and heuristically extracts patent IDs and metadata from arbitrary snippets. In a skill advertised as returning structured patent intelligence, this can misattribute titles, applicants, dates, or legal status from unrelated or low-trust pages, leading users or downstream agents to rely on fabricated or misleading patent data.

Intent-Code Divergence

Low

Confidence: 88% confidence
Finding: The output reports Baidu-derived results as coming from '百度学术' even though the code actually queries general Baidu search. This source mislabeling can mislead users into assigning higher credibility to the results than warranted, increasing the chance of incorrect business or legal decisions based on unverified data.

VirusTotal

42/42 vendors flagged this skill as clean.

View on VirusTotal