ClawHub

N8N QDrant workflow expert

Security checks across malware telemetry and agentic risk

Overview

This documentation-only skill teaches n8n/Qdrant RAG workflows with disclosed external AI and storage integrations, but users must scope data and credentials carefully before using the examples.

Install only if you are comfortable using guidance that may lead agents to build workflows moving internal messages, documents, prompts, and retrieved context into external AI, vector database, chat, and backup systems. Before importing examples, restrict source channels and folders, use least-privilege credentials, avoid regulated or secret data unless approved, add redaction and retention controls, validate delete filters, and secure backup destinations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (12)

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The documentation explicitly claims the workflow filters out already-ingested Slack messages, but the provided JSON shows no deduplication check before upserting into Qdrant. This can cause repeated ingestion of the same messages, leading to duplicate vectors, misleading retrieval results, unnecessary API usage, and inflated storage/costs; in security-sensitive contexts it can also distort downstream AI outputs and auditability.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The document instructs users to ingest data from Slack, Fireflies, Google Drive, databases, and APIs into Qdrant, but it does not mention privacy classification, consent, retention, access control, or redaction requirements. In this context, the omission materially increases the risk that sensitive or regulated data will be bulk-ingested and stored in a vector database without appropriate safeguards.

Missing User Warnings

High
Confidence
97% confidence
Finding
This section directs operators to send the full document text to external LLMs such as Gemini Flash or GPT-4o-mini for metadata extraction. Sending complete source documents to third-party model providers can expose confidential business data, personal data, credentials, or regulated content if data handling terms, minimization, and redaction are not enforced.

Missing User Warnings

High
Confidence
96% confidence
Finding
The embedding workflow sends content and associated metadata to external embedding APIs, but the document does not warn that this is a data disclosure boundary. Because embeddings and metadata may encode or directly contain sensitive information, this can leak internal or personal data to third-party services and create compliance issues.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The notification flow recommends reporting completion and failed records through Slack or Telegram without warning that operational messages may expose document identifiers, source details, or error payloads in less-controlled channels. This can unintentionally broaden access to sensitive ingestion metadata and incident details.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The automated update path performs delete-and-reingest by deleting points by doc_id with no warning about irreversibility, rollback, or validation safeguards. If triggered incorrectly or with a malformed doc_id filter, it can cause unintended data loss and degrade retrieval integrity.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The document explicitly recommends sending user chat input and retrieved document text to external APIs such as a re-ranking service, but it does not mention privacy, consent, data minimization, or handling of sensitive content. In a RAG system, retrieved chunks may contain internal documents, personal data, or confidential business information, so following this guidance as-is can lead to unintended third-party data disclosure.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The workflow sends user queries and retrieved context to external OpenAI endpoints for embeddings and answer generation, but the example does not include any privacy notice, consent step, minimization guidance, or redaction controls. In a RAG system over internal Slack, meeting transcripts, and company documents, this can expose sensitive internal data to third-party processors and create compliance or confidentiality issues.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The example encourages exporting Slack message content to OpenAI for metadata extraction and to Qdrant for storage without any privacy notice, consent guidance, or data-classification restrictions. Slack channels often contain sensitive internal data, credentials, customer information, HR content, or regulated material, so omitting warnings increases the risk of unreviewed third-party data transfer and policy noncompliance.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The workflow explicitly exports the full collection payloads to Google Drive on a weekly schedule, which can expose sensitive or proprietary data to a secondary storage system with different sharing, retention, and access controls. In this context, the danger is increased because the document presents the export as a routine backup pattern without any guidance on data minimization, encryption, access restrictions, or privacy review.

External Transmission

Medium
Category
Data Exfiltration
Content
"type": "n8n-nodes-base.httpRequest",
      "position": [-600, -80],
      "parameters": {
        "url": "https://api.openai.com/v1/embeddings",
        "method": "POST",
        "sendHeaders": true,
        "headerParameters": {
Confidence
88% confidence
Finding
https://api.openai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
"type": "n8n-nodes-base.httpRequest",
      "position": [200, 0],
      "parameters": {
        "url": "https://api.openai.com/v1/chat/completions",
        "method": "POST",
        "sendHeaders": true,
        "headerParameters": {
Confidence
95% confidence
Finding
https://api.openai.com/

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal