anythingllm-rag
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: anythingllm-rag
Version: 1.0.0
The script `scripts/anythingllm.sh` contains a critical shell injection vulnerability because it uses `eval` to execute a constructed curl command containing unsanitized user input (e.g., in the `api_call` and `upload_text` functions). Additionally, the script contains a hardcoded API key and workspace ID. While these appear to be severe security vulnerabilities rather than intentional malware, they allow for arbitrary command execution if the agent processes crafted input.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or accidental upload-text value could run commands on the user's machine under the agent's privileges.
The script builds a shell command string containing JSON data and executes it with eval. The upload-text command supplies user-controlled text/title into that data, so crafted input containing shell quoting could execute local commands.
curl_cmd="${curl_cmd} -d '${data}'"
...
local response=$(eval "$curl_cmd")
Do not use upload-text with untrusted content until the script is changed to call curl with arrays/quoted arguments directly and proper JSON escaping, without eval.
The skill may authenticate to AnythingLLM with a token the user did not explicitly configure, and may access or modify an unexpected workspace.
The script contains a fallback bearer API key and workspace ID, while the registry metadata says there is no primary credential or required environment variable. That can cause the skill to use unexpected authority for querying, listing, or uploading documents.
ANYTHINGLLM_API_KEY="${ANYTHINGLLM_API_KEY:-JYF2P4K-SQ6MKA3-NGW734W-6CVY672}"
DEFAULT_WORKSPACE="${ANYTHINGLLM_WORKSPACE:-e2c3afc4-d5fc-44c9-964a-7a571e7ee49f}"
Require users to provide their own API key and workspace explicitly, remove hard-coded credentials, and declare the credential/environment requirements in metadata.
Selected private documents or raw text may persist in AnythingLLM and influence future answers.
The skill is designed to upload private/local documents into a RAG knowledge base, where they may be stored and reused as retrieval context.
Also handles uploading new documents to AnythingLLM... User wants to upload documents to the knowledge base
Only upload files you intend to add to that workspace, and review AnythingLLM's workspace access, retention, and deletion controls.
