Andara Rag Search

Security checks across malware telemetry and agentic risk

Overview

This skill is a read-only business database search helper, but it gives agents broad raw SQL access to sensitive customer, revenue, team, equity, and meeting data without clear access-control or privacy guardrails.

Install only for agents and users authorized to access this Andara database. Use a dedicated read-only DATABASE_URL limited to approved tables or redacted views, avoid production or write-capable credentials, and review queries before allowing searches over customer, revenue, team equity, meeting, or subscriber data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium (88% confidence)
Finding
The skill’s trigger and description are broad enough to invite use for nearly any 'business intelligence question,' which increases the chance of unnecessary or unintended invocation. In this context, unintended use is more dangerous because the skill provides direct database querying over tables containing sensitive internal business, personnel, meeting, customer, and revenue data.

Missing User Warnings

Medium (96% confidence)
Finding
The skill explicitly exposes access patterns for tables containing personal and confidential business information, including team emails, equity percentages, meeting notes, customers, orders, and revenue data, but provides no privacy warning, access control guidance, or data-handling restrictions. Because it normalizes direct SQL queries over sensitive datasets, it increases the risk of overexposure, inappropriate disclosure, and misuse by downstream agents or users.

VirusTotal

65/65 vendors flagged this skill as clean.
