Skillv1.0.1

ClawScan security

rag-query · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 5, 2026, 12:40 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill is mostly what it claims (semantic search against a Qdrant collection) but the code reads and falls back to additional environment variables and external endpoints that are not declared in SKILL.md, which could cause unexpected use of credentials or data sent to third-party embedding APIs.
Guidance: This skill appears to do what it says (compute an embedding and query a Qdrant collection), but review the following before installing or running: 1) The script will send your query text to an embedding service (default: https://api.vectorengine.ai). If you don't want queries leaving your environment, do not run it or change EMBED_BASE_URL to a private endpoint. 2) The script will use EMBED_API_KEY if provided, but will silently fall back to VECTORENGINE_API_KEY or OPENAI_API_KEY if those exist in your environment — supply an explicit embedding key or unset unrelated keys to avoid accidental credential usage. 3) Confirm QDRANT_URL points to the intended (ideally private) Qdrant instance. 4) If you want the documentation to fully match behavior, ask the publisher to declare all environment variables the code reads (EMBED_BASE_URL, VECTORENGINE_API_KEY, OPENAI_API_KEY, RAG_INGEST_EMBED_MODEL, OPENAI_EMBEDDING_MODEL) or remove the undocumented fallbacks. If the author updates the SKILL.md to list these env vars explicitly (or removes the fallback use of OPENAI_API_KEY), this would reduce the unexpected credential-use concern and increase confidence.

Review Dimensions

Purpose & Capability: noteName/description match the implementation: the script computes an embedding and queries a Qdrant collection. Requiring QDRANT_URL and an embedding API key is appropriate. However the code also accepts alternate env names (VECTORENGINE_API_KEY, OPENAI_API_KEY) and embedding-related envs (EMBED_BASE_URL, RAG_INGEST_EMBED_MODEL) that are not documented in SKILL.md.
Instruction Scope: noteSKILL.md instructs running the included Node script and only lists QDRANT_URL and EMBED_API_KEY. The script only performs embedding requests and a Qdrant /collections/.../points/search call (no file reads or broad system access). Still, it sends query text to an external embedding API (default https://api.vectorengine.ai) and will use other env vars if present—this diverges from the documented instruction scope.
Install Mechanism: okNo install spec (instruction-only). The script requires Node on PATH, which matches the declared required binary. Nothing is downloaded or installed by the skill itself.
Credentials: concernSKILL.md declares QDRANT_URL and EMBED_API_KEY, which are reasonable. The script also reads VECTORENGINE_API_KEY, OPENAI_API_KEY, EMBED_BASE_URL, RAG_INGEST_EMBED_MODEL, and OPENAI_EMBEDDING_MODEL as fallbacks/defaults. In particular, an existing OPENAI_API_KEY in the environment would be used silently as the embedding key if EMBED_API_KEY is not set, which is an undeclared and potentially surprising use of sensitive credentials.
Persistence & Privilege: okalways is false and the skill does not claim to persist or modify other agent/system configs. It runs only when invoked; no elevated or persistent privileges are requested.