
Security audit

RAGFlow

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed RAGFlow management helper that uses your RAGFlow API key to manage datasets, documents, parsing, and retrieval.

Install only if you want an agent to manage RAGFlow with your API key. Use the least-privileged RAGFlow credential available, verify RAGFLOW_API_URL before use, review exact dataset/document IDs before confirming deletes, and avoid uploading sensitive local files unless they are intended to be sent to that RAGFlow service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 89%
Finding
The skill explicitly requires sensitive environment variables and invokes bundled Python scripts that will likely perform filesystem reads and network requests, yet it declares no permissions model beyond metadata requirements. This creates a governance gap: callers and reviewers are not given clear, enforceable visibility into the skill's effective capabilities, increasing the risk of unintended data access or outbound exfiltration through the scripts.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The script performs irreversible dataset deletion as soon as the `delete` command is invoked, with no interactive confirmation, dry-run mode, or safety guard. In an agent skill context, this increases the chance of accidental or prompt-induced destructive actions that can remove multiple datasets at once, causing data loss or operational disruption.

VirusTotal

66/66 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.