Enterprise Knowledge Base Reader

Security checks across malware telemetry and agentic risk

Overview

This is a largely coherent read-only reader for an enterprise knowledge base, but it warrants review: the skill is marked always-load and reads shared internal KB data automatically, and it sends query text to external embedding providers even though its documentation describes it as local-only.

Review it before installing in any environment with confidential KB content. Deploy it only where users are permitted to query the shared enterprise knowledge base and where sending query text to DashScope or OpenAI-compatible embedding services is acceptable. Use dedicated API keys, restrict access to the kb-data directory, correct the local-only wording in the documentation, and pin dependencies (or use a lockfile) for managed deployments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Vague Triggers

Severity: Medium
Confidence: 91%
Finding: The manifest description says the skill must be prioritized for essentially any business, policy, FAQ, process, or project question, which is overly broad and can cause unnecessary invocation on sensitive or unrelated prompts. In context this is more dangerous because the skill is marked always-load and reads enterprise knowledge-base content, increasing the chance of unintended retrieval or disclosure of internal information.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding: The function transmits arbitrary input text to an external API without any visible consent, policy gate, redaction, or sensitivity check. In an enterprise knowledge-base context, user queries or indexed text may contain internal business, HR, or project information, so silent off-box transmission creates a real confidentiality and compliance risk.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: Batch embedding amplifies the same issue by sending multiple texts in one request, increasing the volume of internal data disclosed to the third-party provider. If the batch contains knowledge-base documents, policy text, or employee information, a single call can expose a larger portion of enterprise content outside the local trust boundary.
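The two findings above (single-text and batch transmission) share one remediation: put a policy gate between the skill and the provider so that classified text never leaves the box and detectable identifiers are redacted before anything is sent, per item, before the batch is assembled. The following is an added example and not code from the skill under review. It assumes the skill wraps an OpenAI-compatible embeddings request in a single callable; that callable is replaced here by a recording stand-in so the example runs offline, and the detector patterns, badge and key formats, and classification markers are constructed for illustration.

```python
"""Policy gate in front of the off-box embedding call.

Added example, not code from the skill under review. It assumes the skill
wraps an OpenAI-compatible /embeddings request in a single callable; that
callable is replaced here by a recording stand-in so everything runs offline.
"""
import re
from dataclasses import dataclass, field

# Coarse detectors for text that must not leave the local trust boundary.
# Constructed for illustration; an enterprise would tune these to its own
# data classes and identifier formats.
SENSITIVE_PATTERNS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "employee_id": re.compile(r"\bEMP-\d{5,}\b"),               # assumed badge format
    "api_key": re.compile(r"\b(?:sk|dsk)-[A-Za-z0-9]{16,}\b"),  # assumed key prefixes
    "national_id": re.compile(r"\b\d{17}[\dXx]\b"),             # 18-char PRC ID shape
}
# Documents carrying a classification marker are blocked outright.
CLASSIFICATION_MARKERS = ("CONFIDENTIAL", "INTERNAL ONLY", "内部", "机密")


@dataclass
class GateDecision:
    allowed: bool
    text: str                      # redacted text, or "" when blocked
    reasons: list = field(default_factory=list)


def gate_text(text, *, allow_redacted=True):
    """Block classified text; otherwise redact detectable identifiers."""
    upper = text.upper()
    markers = [m for m in CLASSIFICATION_MARKERS if m.upper() in upper]
    if markers:
        return GateDecision(False, "", [f"classification:{m}" for m in markers])
    redacted, reasons = text, []
    for name, pat in SENSITIVE_PATTERNS.items():
        redacted, n = pat.subn(f"[{name.upper()}]", redacted)
        if n:
            reasons.append(f"redacted:{name}x{n}")
    if reasons and not allow_redacted:
        return GateDecision(False, "", reasons)
    return GateDecision(True, redacted, reasons)


def embed_batch(texts, send_embeddings, *, allow_redacted=True):
    """Gate every element of a batch before the single outbound request.

    Returns (vectors, audit): vectors[i] is None for blocked inputs, which
    never appear in the request; audit lists (index, allowed, reasons).
    """
    outbound, positions, audit = [], [], []
    for i, t in enumerate(texts):
        d = gate_text(t, allow_redacted=allow_redacted)
        audit.append((i, d.allowed, d.reasons))
        if d.allowed:
            outbound.append(d.text)
            positions.append(i)
    vectors = [None] * len(texts)
    if outbound:                      # no request at all if everything was blocked
        for i, v in zip(positions, send_embeddings(outbound)):
            vectors[i] = v
    return vectors, audit


class RecordingTransport:
    """Stand-in for the provider client: records what would have left the box."""
    def __init__(self):
        self.sent = []

    def __call__(self, batch):
        self.sent.extend(batch)
        return [[float(len(t))] for t in batch]   # dummy 1-d "embeddings"


if __name__ == "__main__":
    # Constructed sample batch: one benign query, one classified document,
    # one query carrying personal identifiers.
    docs = [
        "How do I file a travel expense?",
        "INTERNAL ONLY: Q3 headcount reduction list",
        "Contact alice@example.com, badge EMP-0004421",
    ]
    transport = RecordingTransport()
    vectors, audit = embed_batch(docs, transport)
    for entry in audit:
        print(entry)
    print("left the box:", transport.sent)
```

The audit list is the artifact a reviewer asked for in the finding: it records, per item, what was blocked or redacted and why, so the silent transmission becomes a logged, policy-checked one. Setting allow_redacted=False turns the gate into a hard block for anything that triggered a detector, which is the safer default for indexing runs where a human is not reading the query.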

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
  # Knowledge base read-only query tool dependencies
  chromadb>=0.4.15
  openai>=1.3.0
  dashscope>=1.14.0
  numpy>=1.24.0
Confidence: 92%
Finding: chromadb>=0.4.15 is a lower bound only. Every future chromadb release, including a breaking or compromised one, satisfies it, and no hash ties the install to a known artifact.

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
  # Knowledge base read-only query tool dependencies
  chromadb>=0.4.15
  openai>=1.3.0
  dashscope>=1.14.0
  numpy>=1.24.0
  sentence-transformers>=2.2.2
Confidence: 93%
Finding: openai>=1.3.0 is a lower bound only, not an exact pin.

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
  # Knowledge base read-only query tool dependencies
  chromadb>=0.4.15
  openai>=1.3.0
  dashscope>=1.14.0
  numpy>=1.24.0
  sentence-transformers>=2.2.2
  jieba>=0.42.1
Confidence: 92%
Finding: dashscope>=1.14.0 is a lower bound only, not an exact pin.

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
  chromadb>=0.4.15
  openai>=1.3.0
  dashscope>=1.14.0
  numpy>=1.24.0
  sentence-transformers>=2.2.2
  jieba>=0.42.1
  rank-bm25>=0.2.2
Confidence: 96%
Finding: numpy>=1.24.0 is a lower bound only, not an exact pin.

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
  openai>=1.3.0
  dashscope>=1.14.0
  numpy>=1.24.0
  sentence-transformers>=2.2.2
  jieba>=0.42.1
  rank-bm25>=0.2.2
Confidence: 90%
Finding: sentence-transformers>=2.2.2 is a lower bound only, not an exact pin.

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
  dashscope>=1.14.0
  numpy>=1.24.0
  sentence-transformers>=2.2.2
  jieba>=0.42.1
  rank-bm25>=0.2.2
Confidence: 89%
Finding: jieba>=0.42.1 is a lower bound only, not an exact pin.

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
  numpy>=1.24.0
  sentence-transformers>=2.2.2
  jieba>=0.42.1
  rank-bm25>=0.2.2
Confidence: 89%
Finding: rank-bm25>=0.2.2 is a lower bound only, not an exact pin.
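The seven unpinned-dependency findings above all come from the same requirements file, so a reviewer would want a repeatable check rather than reading each line by hand. The following is an added example, not code from the skill or from SkillSpector. REQUIREMENTS is the dependency list quoted in the findings (with the Chinese comment translated); the policy it enforces, an exact `==` pin plus at least one `--hash=` on every requirement, is this example's own choice, matching what `pip-compile --generate-hashes` emits.

```python
"""Audit a requirements file for specifiers that do not pin a release.

Added example, not code from the skill under review. REQUIREMENTS is the
dependency list quoted in the findings above (comment translated); the
policy applied, an exact `==` pin plus at least one `--hash=`, is this
example's own choice.
"""
import re

REQUIREMENTS = """\
# Knowledge base read-only query tool dependencies
chromadb>=0.4.15
openai>=1.3.0
dashscope>=1.14.0
numpy>=1.24.0
sentence-transformers>=2.2.2
jieba>=0.42.1
rank-bm25>=0.2.2
"""

# Project name, optional [extras], then everything up to a marker or comment.
_REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?\s*([^;#]*)")


def audit_requirements(text):
    """Return (name, specifier, problem) for each line that fails the policy.

    A line passes only if its specifier contains one exact `==X.Y.Z` clause
    (no `.*` wildcard) and the line carries a `--hash=` so pip verifies the
    downloaded artifact. Backslash continuations are joined first so that
    pip-compile style multi-line hash blocks are seen as one requirement.
    """
    problems = []
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):      # blank, comment or pip option line
            continue
        m = _REQ.match(line)
        if not m:
            problems.append((line, "", "unparseable requirement"))
            continue
        name, _, rest = m.groups()
        spec = rest.split("--hash", 1)[0].strip()
        clauses = [c.strip() for c in spec.split(",") if c.strip()]
        exact = [c for c in clauses if c.startswith("==") and not c.endswith(".*")]
        if not clauses:
            problems.append((name, spec, "no version specifier: any release accepted"))
        elif not exact:
            problems.append((name, spec, "not pinned to a single exact release"))
        elif "--hash=" not in line:
            problems.append((name, spec, "no --hash: downloaded artifact not verified"))
    return problems


def is_locked(text):
    """True when every requirement is exactly pinned and hash-verified."""
    return not audit_requirements(text)


if __name__ == "__main__":
    for name, spec, why in audit_requirements(REQUIREMENTS):
        print(f"{name:24s} {spec:12s} {why}")
    # A hash-pinned line of the kind `pip-compile --generate-hashes` emits
    # (the digest is a constructed placeholder, not a real numpy hash).
    pinned = "numpy==1.26.4 \\\n    --hash=sha256:" + "0" * 64 + "\n"
    print("locked:", is_locked(pinned))
```

Run against the skill's list, every one of the seven lines is reported as not pinned to a single exact release, which is the finding set above in one call. Wiring is_locked into CI for the managed deployment turns the Low-severity findings into a build-time gate rather than a post-install discovery; the `.*` wildcard and range cases are rejected on purpose, since either still lets a newly published release slip in.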

VirusTotal

65/65 vendors flagged this skill as clean.
