Ai Rag Pipeline

Security checks across malware telemetry and agentic risk

Overview

This RAG skill appears purpose-built rather than malicious, but it needs Review because its examples combine broad inference CLI execution with under-scoped handling of untrusted retrieved content and external LLM data sharing.

Install only if you are comfortable using inference.sh as an external processing provider for your queries, search results, and extracted document contents. Avoid using it on secrets, private business documents, customer data, or regulated information unless you have approval. Prefer workflows that build JSON with a real encoder, quote inputs safely, and require user confirmation before processing untrusted URLs or large retrieved content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The examples instruct users to pass retrieved external content directly into third-party LLM endpoints without any explicit warning that the content will be transmitted to external providers. In a RAG workflow, retrieved results may contain sensitive, proprietary, or regulated data, so omitting disclosure and handling guidance can lead to unintended data sharing.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
This workflow extracts full document contents from URLs and then forwards that content to an external LLM for analysis, again without warning about data transmission or sensitivity. That increases risk because users may analyze private reports, customer data, or internal documents and unknowingly expose their contents to multiple external services.

VirusTotal

64/64 vendors flagged this skill as clean.