Vector DB Toolkit

Security checks across malware telemetry and agentic risk

Overview

This is a coherent vector database toolkit whose database, persistence, and optional embedding API behavior matches what it claims to do, but users should handle sensitive text and dependency versions carefully.

Install only if you need vector database/RAG utilities. Use test collections first, verify collection names before delete calls, choose an intentional Chroma storage path, and do not use provider='openai' with confidential text unless sending that text to OpenAI under your API key is acceptable. For production, install with pinned, scanned dependencies.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill documentation and examples indicate capabilities that use network access and potentially environment-derived configuration, but the skill declares no permissions. That mismatch is a real security issue because agents or reviewers may underestimate what the skill can do, especially when it connects to external vector databases or embedding providers. In this context, the toolkit is legitimately intended to access services like Qdrant/Chroma, so the issue is more about transparency and policy enforcement than obviously malicious behavior.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The code sends caller-provided text to a third-party API and uses a credential to do so, but it provides no disclosure, consent boundary, or sensitivity checks. In AI/RAG contexts, those texts may contain proprietary data, user prompts, or secrets, so silent transmission can create a real privacy and compliance risk even if the behavior is functionally intended.

Unpinned Dependencies

Low
Category
Supply Chain
Content
qdrant-client>=1.7.0
chromadb>=0.4.18
numpy>=1.24.0
requests>=2.31.0
Confidence
94% confidence
Finding
qdrant-client>=1.7.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
qdrant-client>=1.7.0
chromadb>=0.4.18
numpy>=1.24.0
requests>=2.31.0
sentence-transformers>=2.2.2
Confidence
93% confidence
Finding
chromadb>=0.4.18

Unpinned Dependencies

Low
Category
Supply Chain
Content
qdrant-client>=1.7.0
chromadb>=0.4.18
numpy>=1.24.0
requests>=2.31.0
sentence-transformers>=2.2.2
Confidence
90% confidence
Finding
numpy>=1.24.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
qdrant-client>=1.7.0
chromadb>=0.4.18
numpy>=1.24.0
requests>=2.31.0
sentence-transformers>=2.2.2
Confidence
95% confidence
Finding
requests>=2.31.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
chromadb>=0.4.18
numpy>=1.24.0
requests>=2.31.0
sentence-transformers>=2.2.2
Confidence
92% confidence
Finding
sentence-transformers>=2.2.2

Known Vulnerable Dependency: qdrant-client — 1 advisory: CVE-2024-3829 (qdrant input validation failure)

Critical
Category
Supply Chain
Confidence
88% confidence
Finding
qdrant-client

VirusTotal

65/65 vendors flagged this skill as clean.
