Andara Rag Search
Warn. Audited by ClawScan on May 10, 2026.
Overview
This skill is a coherent database search helper, but it gives the agent broad raw database-reading instructions for sensitive business and customer data using an undeclared database credential.
Install only if this agent should have read access to the Andara database. Use a read-only, least-privilege DATABASE_URL, limit which tables and columns the agent can query, and be especially careful with customer emails, order data, revenue, equity, and internal meeting content.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1
Risk: If installed in an environment with DATABASE_URL set, the agent could read private business, customer, revenue, and equity information using whatever database privileges that URL grants.
Details: The skill relies on a database connection string and documents access to customer, order, email, and equity-related data. The provided metadata declares no required env vars or primary credential, so this high-impact access is under-declared and not clearly scoped.
Evidence: psql "$DATABASE_URL" ... `team_members` ... `email`, `equity_percent`; `orders` ... `customer_name`; `customers` ... `name`, `email`
Recommendation: Declare DATABASE_URL and psql as requirements, use a least-privilege read-only database role, restrict accessible tables and columns, and require explicit user approval before returning customer, financial, or equity data.
Finding 2
Risk: A mistaken or manipulated query could read more data than intended, query unrelated tables, or rely on database permissions rather than the skill's stated read-only rule.
Details: The skill exposes raw SQL execution through bash with free-form search term substitution. The read-only limitation is documented, but not technically enforced by the artifact, and the examples do not use parameterized queries or an allowlisted search wrapper.
Evidence: Run a PostgreSQL query against the `knowledge_base` table using the `bash` tool ... Replace `SEARCH_TERM` with the relevant keyword(s). ... Never INSERT, UPDATE, or DELETE — read-only access only
Recommendation: Prefer a narrow helper or stored procedure that only performs parameterized SELECT queries against approved tables, enforces LIMITs, and redacts sensitive columns by default.
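The narrow search wrapper recommended in Findings 1 and 2, as an added example rather than code from the skill or from ClawScan: the agent only ever calls search(), which allowlists tables and columns, binds the search term as a parameter, escapes LIKE wildcards, clamps the LIMIT, and redacts sensitive columns unless the user explicitly asks for them. It runs against an in-memory SQLite stand-in with constructed rows; against the real PostgreSQL database the same structure applies with psycopg's %s placeholders and a read-only role behind DATABASE_URL.

```python
import sqlite3

# Allowlist of readable tables and columns (table names are the skill's own;
# the column sets are assumed for this demo). "redact" columns are masked by
# default, so customer emails never reach the agent unless explicitly revealed.
ALLOWED = {
    "knowledge_base": {"columns": ["id", "content"], "search": "content", "redact": []},
    "customers": {"columns": ["id", "name", "email"], "search": "name", "redact": ["email"]},
}
MAX_LIMIT = 20  # hard cap regardless of what the caller asks for


def build_search(table, term, limit=10):
    """Return (sql, params) for a parameterized SELECT, or raise on bad input."""
    spec = ALLOWED.get(table)
    if spec is None:
        raise ValueError(f"table not allowlisted: {table}")
    limit = max(1, min(int(limit), MAX_LIMIT))
    cols = ", ".join(spec["columns"])
    # The term is bound as a parameter, never spliced into the SQL text, and
    # LIKE metacharacters are escaped so a term cannot widen the match.
    esc = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = f"SELECT {cols} FROM {table} WHERE {spec['search']} LIKE ? ESCAPE '\\' LIMIT ?"
    return sql, (f"%{esc}%", limit)


def redact(table, rows, reveal=False):
    """Turn result tuples into dicts, masking sensitive columns by default."""
    spec = ALLOWED[table]
    out = []
    for row in rows:
        rec = dict(zip(spec["columns"], row))
        if not reveal:
            for col in spec["redact"]:
                rec[col] = "[REDACTED]"
        out.append(rec)
    return out


def search(conn, table, term, limit=10, reveal=False):
    """The only SQL path exposed to the agent: SELECT-only, allowlisted, bounded."""
    sql, params = build_search(table, term, limit)
    return redact(table, conn.execute(sql, params).fetchall(), reveal)


def demo_conn():
    """Constructed sample data standing in for the Andara database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE knowledge_base(id INTEGER, content TEXT);
        CREATE TABLE customers(id INTEGER, name TEXT, email TEXT);
        INSERT INTO knowledge_base VALUES (1, 'refund policy: 30 days'), (2, 'onboarding checklist');
        INSERT INTO customers VALUES (1, 'Acme Corp', 'ops@acme.example'), (2, 'Beta LLC', 'b@beta.example');
    """)
    return conn
```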
Finding 3
Risk: Search results could surface sensitive historical business context or misleading stored guidance if the indexed knowledge base contains outdated or poisoned records.
Details: The skill searches persistent RAG and memory-like content, including learned lessons and policies. That is aligned with its purpose, but retrieved content may be stale or sensitive, and it must not be treated as carrying higher authority than system or user instructions.
Evidence: `knowledge_base` | RAG chunks (3,800+) ... `rag_memory_objects` | Learned lessons & policies ... Any indexed content
Recommendation: Treat retrieved RAG content as reference material, not instructions; verify important business facts; and avoid returning personal or customer data unless the user explicitly needs it.
