ragora

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Ragora integration that uses one expected API key to search Ragora knowledge bases, with no evidence of hidden code, persistence, or unrelated data access.

Before installing, confirm you intend the agent to send relevant queries to Ragora and that the API key belongs to the right account. Store RAGORA_API_KEY in an environment variable or secret manager, avoid sharing sensitive private data unless Ragora is approved for it, and watch credit or billing usage for marketplace retrievals.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 88%
Finding
The trigger description is broad enough to activate on generic research, verification, or summary requests, which can cause this skill to be selected outside a clearly user-intended Ragora context. In that state, the agent may begin discovery and external retrieval against Ragora collections, increasing the chance of unnecessary third-party data access and transmission.

VirusTotal

66/66 vendors flagged this skill as clean.
