RAGLite

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate local RAG helper, but its default remote-engine behavior and unpinned GitHub install make it something users should review before trusting with private documents.

Install only if you are comfortable auditing or pinning the upstream GitHub dependency and understand where OpenClaw gateway and Chroma requests go. For sensitive notes, medical records, or internal runbooks, run in an isolated environment and pass an explicit local/offline engine or verify that no document content leaves your machine.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The skill presents itself as a local-first RAG cache, but the documented install path pulls code directly from a remote GitHub repository and the default condensation engine relies on an external OpenClaw gateway. That mismatch matters because users may trust the skill with sensitive documents under the assumption that processing is fully local, while content may be handled by remote code and potentially remote services.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The install script pulls and executes package code directly from a GitHub branch tip (`@main`), which is mutable and unauthenticated beyond transport security. This creates a supply-chain risk: if the repository, owner account, dependency chain, or upstream branch is compromised, users of the skill will install attacker-controlled code during setup.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill targets highly sensitive content such as personal notes, medical records, and internal runbooks, yet it does not clearly warn that indexing or condensation may send document content to external endpoints like the OpenClaw gateway or a Chroma server. In this context, omission of data-flow warnings is dangerous because users may unintentionally exfiltrate private data while believing the workflow is private and local.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal