Rag Retriever

Security checks across malware telemetry and agentic risk

Overview

This RAG retrieval skill appears legitimate, with the main caveat that indexed documents are stored locally and may be sent to OpenAI if the optional OpenAI embedding provider is used.

Install only if you are comfortable with local indexing of the files you add. Use the default local/simple or local Transformers embedding modes for private material, and enable OpenAI embeddings only when sending document chunks and queries to OpenAI is acceptable. Be aware that Transformers mode may download model files from hf-mirror.com unless that endpoint is changed in the code.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (9)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation instructs users to add and index documents, and elsewhere indicates future integration with external embedding providers such as OpenAI/Cohere, but it does not warn that document contents and metadata may be persisted locally and could later be transmitted to third-party services. This creates a real privacy and data-handling risk because users may ingest sensitive files under the assumption processing is purely local.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This code sends raw input text to the OpenAI embeddings API, which is an external third party. If the caller passes sensitive prompts, documents, secrets, or personal data, that content leaves the local trust boundary with no visible consent, minimization, or policy enforcement in this module.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The code sends full document content to `embeddingProvider.embed(content)` without any consent check, disclosure, redaction, or locality guarantee. If the embedding provider is remote or third-party, sensitive indexed data may be exfiltrated outside the application boundary, which is a real privacy and data-handling risk.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The search path embeds raw user queries via `this.embeddingProvider.embed(query)` with no warning, consent flow, or sanitization. Queries often contain sensitive business data, personal information, or secrets, so transmitting them to an external model provider can leak private user input.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The code explicitly rewrites Hugging Face endpoints to a third-party mirror and then downloads model assets from that remote service during initialization. While the embedding inference itself appears local after model load, this still creates an undisclosed outbound network dependency that may expose deployment metadata, IP address, requested model identifiers, and potentially any fallback or future request data to an untrusted endpoint without user consent.

External Transmission

Medium
Category
Data Exfiltration
Content
      return this.cache[cacheKey];
    }

    const response = await fetch('https://api.openai.com/v1/embeddings', {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json',
Confidence
91% confidence
Finding
fetch('https://api.openai.com/v1/embeddings', { method: 'POST'

External Transmission

Medium
Category
Data Exfiltration
Content
      for (let i = 0; i < toProcess.length; i += this.batchSize) {
        const batch = toProcess.slice(i, i + this.batchSize);

        const response = await fetch('https://api.openai.com/v1/embeddings', {
          method: 'POST',
          headers: {
            'Content-Type': 'application/json',
Confidence
91% confidence
Finding
fetch('https://api.openai.com/v1/embeddings', { method: 'POST'

External Transmission

Medium
Category
Data Exfiltration
Content
      return this.cache[cacheKey];
    }

    const response = await fetch('https://api.openai.com/v1/embeddings', {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json',
Confidence
91% confidence
Finding
https://api.openai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
      for (let i = 0; i < toProcess.length; i += this.batchSize) {
        const batch = toProcess.slice(i, i + this.batchSize);

        const response = await fetch('https://api.openai.com/v1/embeddings', {
          method: 'POST',
          headers: {
            'Content-Type': 'application/json',
Confidence
91% confidence
Finding
https://api.openai.com/

VirusTotal

63/63 vendors flagged this skill as clean.