librag-recall

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill calls a configured LibRAG knowledge-base recall API in a way that is consistent with its stated purpose, and it does not show hidden exfiltration, destructive actions, or deceptive behavior.

This appears safe for its stated purpose. Before installing or using it, replace the placeholder API key with a scoped LibRAG key, keep config.json private, confirm the base_url is your intended local or trusted LibRAG service, and remember that retrieved source passages may contain sensitive knowledge-base content.

Static analysis

Exposed secret literal

Critical
Finding
File appears to expose a hardcoded API secret or token.

Install untrusted source

Warn
Finding
Install source points to URL shortener or raw IP.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone using the skill with a real API key allows the agent to query the configured LibRAG knowledge base within that key’s permissions.

Why it was flagged

The script uses the configured API key to authenticate to LibRAG. This is required for the stated purpose, but it grants access to whatever knowledge base the key permits.

Skill content

"Authorization": f"Bearer {api_key}",

Recommendation

Use a least-privilege LibRAG key, keep config.json private, and verify that base_url points to the intended LibRAG service.

What this means

Knowledge-base passages may enter the agent’s working context and final answer, including sensitive or outdated content if the selected knowledge base contains it.

Why it was flagged

The skill defaults to returning original source text from the knowledge base. That is central to evidence retrieval, but the returned content may be sensitive or should not be over-trusted without source review.

Skill content

- `has_source_text`: defaults to `true`.

Recommendation

Query only authorized knowledge bases, review cited passages before relying on them, and disable source-text return when full excerpts are not needed.