ragflow-skill-python0418

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed RAGFlow management skill whose API-key, network, upload, update, and delete capabilities match its stated purpose, with care needed around destructive commands.

Install only if you trust the configured RAGFLOW_API_URL, because the API key and uploaded files are sent there. Use the least-privileged RAGFlow key available, and require explicit confirmation before any dataset or document delete command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Lp3 (Medium)

Category: MCP Least Privilege
Confidence: 90%
Finding: The skill clearly relies on sensitive capabilities via environment variables, local file paths for uploads, and outbound network access to the RAGFlow API, yet it does not declare explicit permissions. This weakens security review and runtime policy enforcement because users and orchestrators may not realize the skill can access API secrets, read files, and transmit data externally.

VirusTotal

67/67 vendors flagged this skill as clean.
