ragtop-planner

Security checks across malware telemetry and agentic risk

Overview

This is a coherent RAGTOP planning skill, but it should only be used with a trusted endpoint and a scoped API token.

Before installing, confirm that RAGTOP_API_URL points to an approved RAGTOP service and uses HTTPS: over plain HTTP the bearer token and every query the skill sends are readable by anyone on the network path, so a plaintext URL is defensible only on a strictly isolated internal network. Use a least-privilege, revocable RAGTOP_API_TOKEN, and do not send sensitive business requirements or proprietary knowledge-base content unless that service is approved to handle it.
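The pre-install check described above, written out as an added example (it is not part of the skill or of the scan report): a POSIX shell wrapper that refuses to run the skill's `list_kb` call unless RAGTOP_API_URL uses https:// and names a host on an operator-maintained allowlist, and RAGTOP_API_TOKEN is non-empty. The allowlist hostnames are placeholders and the helper names are this example's own.

```bash
#!/bin/sh
# Added pre-flight check for installing a RAGTOP skill (example code, not
# the scanned skill's own). It enforces what the overview asks for before
# any request is sent: HTTPS only, an approved host, and a token present.
# Hostnames passed as ALLOWLIST are assumed placeholders chosen by the operator.

# check_ragtop_url URL ALLOWLIST
#   ALLOWLIST is a space-separated list of approved hostnames.
#   Returns 0 if URL uses https:// and its host is on the allowlist, else 1.
check_ragtop_url() {
    url=$1
    allowlist=$2

    case "$url" in
        https://*) ;;
        *) echo "refusing: RAGTOP_API_URL must use https:// (got: $url)" >&2
           return 1 ;;
    esac

    # Reduce the URL to its bare hostname: drop the scheme, then the path,
    # then any user@ prefix, then any :port suffix.
    host=${url#https://}
    host=${host%%/*}
    host=${host##*@}
    host=${host%%:*}

    for approved in $allowlist; do
        if [ "$host" = "$approved" ]; then
            return 0
        fi
    done
    echo "refusing: host '$host' is not an approved RAGTOP endpoint" >&2
    return 1
}

# check_ragtop_token TOKEN
#   Returns 0 if a token value is present, 1 if it is empty or unset.
check_ragtop_token() {
    if [ -z "$1" ]; then
        echo "refusing: RAGTOP_API_TOKEN is not set" >&2
        return 1
    fi
    return 0
}

# ragtop_list_kb URL TOKEN ALLOWLIST
#   Issues the skill's list_kb request only after both checks pass, so a
#   misconfigured environment never sends the token anywhere. Redirects are
#   not followed (no -L), so a redirect response is shown, not acted on.
ragtop_list_kb() {
    check_ragtop_url "$1" "$3" || return 1
    check_ragtop_token "$2" || return 1
    curl -sS -X POST "$1/api/v1/ragtop/tool/list_kb" \
        -H "Authorization: Bearer $2" \
        -H "Content-Type: application/json"
}

# Example invocation (placeholder host; the call itself is only reached when
# both checks pass):
#   ragtop_list_kb "$RAGTOP_API_URL" "$RAGTOP_API_TOKEN" "ragtop.internal.example"
```

Keep the allowlist under operator control (a file or variable the agent cannot edit), since a skill that can rewrite its own allowlist gains nothing from the check. The wrapper compares the full hostname, so a lookalike such as `ragtop.example.com.evil.example` is rejected even though it starts with an approved name.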

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Severity
Medium
Confidence
94%
Finding
The skill explicitly requires an API token and instructs the agent to send requests and retrieval queries to an external RAGTOP service, but it does not clearly warn that user prompts, query terms, document identifiers, and potentially sensitive knowledge-base content will leave the local environment. This creates a real data-governance and privacy risk because operators may use the skill assuming processing is local or trusted without informed consent or data classification checks.

External Transmission

Severity
Medium
Category
Data Exfiltration
Content
- Returns (key fields): `data.kbs[]`, `data.total`

```bash
curl -L -X POST "${RAGTOP_API_URL}/api/v1/ragtop/tool/list_kb" \
  -H "Authorization: Bearer ${RAGTOP_API_TOKEN}" \
  -H "Content-Type: application/json"
```
Confidence
97%
Finding
Flagged excerpt: the `list_kb` curl command shown above, immediately followed by the start of the skill's next tool definition, which the source cuts off: "### 2) list_doc - Method: `POST` - Path: `/list_"

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal