doc-search

Security checks across malware telemetry and agentic risk

Overview

The skill is purpose-aligned for local document search, but it auto-loads a local pickle database, which can be unsafe if the stored data is tampered with, and it persists document/query content on disk.

Install or use this only in trusted projects; be aware that indexed document text is stored under ./chroma_data, and remove or clear that directory when you do not want the data retained. Do not run it in directories containing untrusted chroma_data pickle files.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI05: Unexpected Code Execution
Severity: Medium
What this means

If an attacker or untrusted project places a malicious documents_data.pkl file in the expected ./chroma_data location, using the skill could run unintended code in the user's environment.

Why it was flagged

The vectorizer automatically loads a pickle file from its persistence directory when initialized. Python pickle deserialization can execute code if the file is malicious or has been tampered with.

Skill content
self._load_from_disk()
...
with open(self.data_file, 'rb') as f:
    data = pickle.load(f)
Recommendation

Only use this skill in trusted directories, delete unexpected ./chroma_data/*.pkl files, and prefer a safer storage format such as JSON/SQLite or add integrity checks before loading pickle files.

ASI06: Memory and Context Poisoning
Severity: Low
What this means

Private document snippets and search state may remain on disk and influence later searches until the collection is cleared or the data directory is removed.

Why it was flagged

The documentation clearly states that vectorized document data and indexes are persisted and automatically reloaded.

Skill content
Vector data: `chroma_data/documents_data.pkl`
File index: `chroma_data/documents_index.json`
Auto-save: saved automatically after each file is added or removed
Auto-load: data is restored automatically on initialization
Recommendation

Use a dedicated persistence directory, avoid indexing sensitive files unless retention is acceptable, and clear or delete the chroma_data directory when the stored knowledge base is no longer needed.