QDrant Ingestion & Retrieval Best Practices

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Qdrant/RAG guidance skill with some production caveats, but no hidden execution, persistence, or data exfiltration behavior.

Reasonable to install as a Qdrant/RAG reference skill. Treat the code snippets as templates: review access-control and deletion/upsert operations before applying them, replace raw query logging with privacy-preserving telemetry, and correct the duplicate-chunk metadata refresh behavior before using the ingestion example in production.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The prose says within-source deduplication should key on `content_hash` and `parent_doc_id`, but the implementation checks `content_hash` and `source_record_id`. If multiple parent documents can exist under one source record, this mismatch can cause incorrect deduplication behavior, leading to skipped writes, stale metadata, or data integrity issues in retrieval and lifecycle handling.

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger description is extremely broad, activating on generic terms like Qdrant, RAG pipeline, chunking, embeddings, and hybrid search. This can cause the skill to be invoked in contexts where it is not specifically needed, increasing the chance that unrelated workflows inherit its instructions or operational assumptions, which can lead to inappropriate data-handling or architecture guidance being applied.

Missing User Warnings

Medium
Confidence: 88%
Finding
The observability example explicitly logs raw query text and returned document IDs, which can expose sensitive user inputs, business context, or references to restricted documents in telemetry systems. In a retrieval architecture handling access-controlled enterprise content, these logs may become a secondary data store accessible to operators or downstream logging platforms, increasing privacy, compliance, and insider-risk exposure.

VirusTotal

VirusTotal findings are pending for this skill version.
