Rag Retrieve

Security checks across malware telemetry and agentic risk

Overview

This retrieval skill is mostly purpose-aligned, but it can automatically search and reuse private codebase content with insufficient scoping and uses unsafe shell-based local HTTP calls.

Review before installing. Use only with corpora and local services you control, make user_codebase retrieval explicit opt-in, exclude secrets and unrelated projects from ingestion, and replace shell-built curl calls with structured HTTP requests before production use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium (97% confidence)
Finding
The skill declares an always-on trigger ('always called by coding-orchestrator before generation'), which causes retrieval to run broadly regardless of whether it is necessary for the task. In this skill, that broad activation is more dangerous because retrieval can include user codebase content and send it onward to local HTTP/LLM components, increasing unnecessary data exposure and expanding attack surface.

Vague Triggers

Medium (95% confidence)
Finding
The standalone trigger phrase ('find docs about X') is generic enough to overlap with ordinary user requests, which can cause the skill to activate in unintended contexts. Because the skill can search and process user codebase content and route text to multiple downstream components, accidental invocation can lead to unnecessary disclosure and over-collection of sensitive data.

Missing User Warnings

Medium (98% confidence)
Finding
The skill description and interface do not clearly disclose that user codebase content may be retrieved and then sent to local HTTP services and LLM components for embedding, reranking, and CoRAG decisions. This lack of transparency is security-relevant because it can expose proprietary or sensitive source code to additional services without explicit user awareness or consent.

VirusTotal

66/66 vendors flagged this skill as clean.
