rrragflow-skill

Security checks across malware telemetry and agentic risk

Overview

This skill manages RAGFlow datasets and documents using a user-configured API key and endpoint; its declared capabilities are upload, search, update, parsing, and deletion.

Install only if you trust the publisher and the configured RAGFlow server. Use a least-privileged RAGFlow API key, avoid uploading confidential or regulated files unless authorized, and carefully confirm exact dataset or document IDs before any update, delete, parse, or stop action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill clearly uses sensitive capabilities via environment variables, local file paths for uploads, and network access to a remote RAGFlow API, yet it does not declare explicit permissions beyond runtime requirements. This weakens policy enforcement and user awareness because the agent can access secrets and exfiltrate local file contents to an external service without a formal permission boundary.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill advertises dataset and document deletion capabilities but does not present a prominent general warning in the description about irreversible data loss. Although later guardrails require confirmation, the top-level description still understates destructive risk, which can lead to accidental invocation in a high-impact data management context.

VirusTotal

65/65 vendors flagged this skill as clean.