Security audit

RAGFlow open-source Retrieval-Augmented Generation (RAG) engine — deployment, configuration, management, and troubleshooting.

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent RAGFlow deployment guide, but it includes under-warned commands that can delete deployment data or affect the whole Docker host.

Review this skill before installing if you may run the commands on a production or shared host. Use disposable/test environments when possible, back up RAGFlow data before any `down -v` reset, avoid host-wide Docker cleanup unless you understand its impact, protect API keys and service passwords, and restrict network exposure for the deployed services.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 85%
Finding
The skill includes configuration and CLI examples that require users to place live API keys into files or commands, but it provides no warning about secret handling, storage hygiene, redaction, or avoiding committing credentials to source control. In a deployment-oriented skill, this can lead to accidental exposure of provider keys in shell history, screenshots, logs, repos, or shared config files.

Missing User Warnings

Medium
Confidence: 93%
Finding
The documentation instructs users to run `docker compose ... down -v`, which irreversibly deletes attached volumes and therefore application data. Although it includes a brief `WARNING: data loss`, it does not clearly explain scope, backup expectations, or safer alternatives, so users may destroy production data while following routine migration steps.

Missing User Warnings

Medium
Confidence: 95%
Finding
The troubleshooting advice suggests `docker system prune -a`, which can delete unused images, containers, networks, and build cache across the entire Docker host, not just this application. Without a strong warning about host-wide impact, operators may unintentionally disrupt other workloads or remove important cached artifacts.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.