RAG Search

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real RAG search tool, but it depends on unreviewed local code and does not clearly disclose where queries are processed.

Install only if you control and trust the local rag_system directory. Before use, review search_pipeline.py and embedding_client.py, confirm whether Qwen embedding or rerank calls leave the machine, and avoid sending sensitive queries unless that data flow is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence: 91%

Finding: The module docstring states the skill only returns original retrieval results and does not rewrite or reason, but the implementation also invokes external embedding and reranking services that materially affect output selection. This mismatch can mislead operators and users about data flow and processing behavior, reducing informed consent and making privacy/security review less reliable.

Missing User Warnings

Medium
Confidence: 96%

Finding: The skill sends user query text to QwenEmbeddingClient and QwenRerankClient without any disclosure, consent mechanism, or visible data-handling notice in this file. If queries contain sensitive or regulated information, this can cause unintended data exfiltration to external services and violate privacy or compliance expectations.

VirusTotal

65/65 vendors flagged this skill as clean.