2026-3-22dataset

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed RAGFlow management skill that can change or delete remote datasets, so it should be used with a scoped API key and explicit confirmations.

Install only if you intend to let the agent manage the selected RAGFlow instance. Use a least-privilege RAGFlow API key, set RAGFLOW_API_URL only to the intended server, avoid uploading sensitive local files unless approved, and require the agent to show exact dataset or document IDs before any delete or bulk update.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 90% confidence
Finding: The skill declares required environment variables and invokes bundled Python scripts that inherently read files and make network requests to the RAGFlow API, but it does not declare corresponding permissions in a structured permissions model. This creates a trust and review gap: operators may approve or run the skill without clear visibility that it can access secrets, local files, and external services.

Missing User Warnings

Medium

Confidence: 85% confidence
Finding: The script performs destructive dataset deletion immediately when invoked with --ids, with no confirmation prompt, dry-run mode, or extra safeguard. In an agent skill context, this increases the chance that a mistaken invocation, prompt-injection-influenced action, or malformed automation workflow could permanently delete datasets that may be difficult to recover.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal