Back to skill

Security audit

RagClaw Knowledge Base

Security checks across malware telemetry and agentic risk

Overview

RagClaw is a coherent local knowledge-base skill, but users should be careful about what files and URLs they index.

Install only if you trust the external @emdzej/ragclaw-cli package. Index narrow folders and known URLs, avoid secrets or broad home directories, use include/exclude and crawl limits, prefer explicit /kb commands, and remove or prune anything indexed by mistake.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly supports indexing remote URLs, crawling linked pages, and downloading embedding models, but it does not clearly warn users that these actions generate outbound network traffic and pull untrusted external content into the local system. In an agent context, this can lead to unintended data exposure, SSRF-like access to internal resources, or policy violations if the agent is allowed to fetch arbitrary URLs without strong safeguards.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger set includes very generic natural-language phrases such as "knowledge base," "index documents," and "find in docs," which can overlap with ordinary conversation and unintentionally invoke the skill. Because the skill can index files, directories, and URLs and modify local knowledge-base state, accidental activation could cause unintended data ingestion, crawling, or configuration-changing workflows.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.