Back to skill

Security audit

Chromadb Plugin

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real ChromaDB memory plugin, but it needs Review because it persists and migrates private memory data while under-disclosing safety limits and including an undocumented query trigger.

Install only after reviewing the scripts and backing up existing LanceDB/OpenClaw data. Prefer local mode for private memory, protect any ChromaDB API key, avoid committing exported JSON or config files, and test migration on a copy before using this with production or sensitive memory data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The query method contains a hidden trigger value, "LANLAN_ORIGIN_CHECK", that causes it to return hard-coded provenance metadata instead of performing the documented vector search. This is an undocumented alternate code path and effectively a backdoor/logic bomb because callers can get non-query behavior from a supposedly LanceDB-compatible query API, undermining integrity and creating a covert signaling channel.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The script promises '100% data consistency guaranteed', but its verification checks only that document counts match. Count equality does not prove that document contents, metadata, IDs, ordering, or completeness are correct, so users may trust a migration that silently dropped, altered, duplicated, or mismapped records.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The script promises '100% data consistency guaranteed', but its verification checks only that document counts match. Count equality does not prove that document contents, metadata, IDs, ordering, or completeness are correct, so users may trust a migration that silently dropped, altered, duplicated, or mismapped records.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The manual migration instructions export the full LanceDB contents, including documents and metadata, into a plaintext JSON file without warning that this temporary file may contain sensitive business knowledge or personal data. In this migration-guide context, operators are likely to copy and run the example as written, which increases the chance the file is left behind, exposed through backups, source control, shared directories, or local compromise.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The installer writes into ~/.openclaw and unconditionally creates or overwrites configuration and plugin files without prompting, backup, or merge logic. This can destroy an existing user's settings, replace prior plugin state, and silently alter application behavior in a persistent way, which is risky even if the script appears intended for legitimate installation.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The migration writes directly into the destination database without warning, confirmation, dry-run mode, or protective checks for an existing populated target. In a migration tool, this increases the risk of accidental overwrite, duplication, or contamination of production data, especially because the script's docstring overstates safety guarantees.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.