Trust Assessment
rag-construction received a trust score of 67/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include "Missing required field: name", "Potential Prompt Injection via RAG Output", and "Data Exfiltration via Knowledge Base Export".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential Prompt Injection via RAG Output.** The `_generate_answer` method constructs a response string using both the user's `question` and `context` derived from document content (`source.chunk.content`, `source.document_title`). The code explicitly states that 'In production, this would call an LLM API.' If the output of this skill is fed into a downstream LLM, malicious instructions embedded in the `question` or the ingested `Document` content could lead to prompt injection, manipulating the behavior of the downstream LLM. Implement robust input sanitization and output filtering for `question` and `Document` content before they are used to construct prompts for any downstream LLM. Consider using LLM-specific prompt templating and safety mechanisms (e.g., content moderation APIs, instruction tuning) to mitigate injection risks. Ensure that the `_generate_answer` method, when integrated with an actual LLM, uses secure API calls and parameter handling. | LLM | SKILL.md:454 |
| HIGH | **Data Exfiltration via Knowledge Base Export.** The `export_knowledge_base` method is designed to return a dictionary containing all stored documents, including their full `content`. If this skill is exposed to an untrusted user or another agent, they could invoke this method to exfiltrate all sensitive data that has been added to the RAG system's knowledge base. Restrict access to the `export_knowledge_base` method to authorized users or agents only. Implement strong authentication and authorization checks before allowing this method to be called. If full content export is necessary, consider redacting sensitive information or providing an option for partial export based on user permissions. | LLM | SKILL.md:506 |
| MEDIUM | **Missing required field: name.** The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/datadrivenconstruction/rag-construction/SKILL.md:1 |