Adaptive Rag Engine

Security checks across malware telemetry and agentic risk

Overview

This is a local memory/RAG helper with disclosed local indexing behavior, but users should understand it can summarize OpenClaw memory notes into a reusable local index.

Install only if you are comfortable with the agent using OpenClaw memory topics for retrieval and, when you run the index script, creating a local hidden index containing metadata and short summaries of those notes. Review memory topics for secrets or highly sensitive personal, medical, financial, or business information before use.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The activation text is broad enough to match many ordinary requests involving memory, retrieval, or complex questions, which can cause the skill to trigger too often. In a skill ecosystem, overbroad triggering increases the chance of unnecessary file access, hidden side effects, and interference with other more appropriate skills.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: Describing the skill as a protocol layer that applies automatically or on every memory access makes invocation boundaries unclear and effectively always-on. Ambiguous always-on behavior is risky because it can normalize silent file reads and routing decisions outside explicit user intent or orchestrator control.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal