Oathe Security Badge

Is nissan/vector-store-shootout safe?

https://clawhub.ai/nissan/vector-store-shootout

99 · SAFE

This skill provides a clean, well-documented collection of 8 vector store implementations with a common interface. All code is legitimate, follows good practices, and performs exactly as advertised. The only minor concern is documented external API calls to embedding services, which are expected for this type of functionality.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 100/100 · 5%

Findings (1)

LOW External API calls to embedding services -5

The skill makes documented network calls to external embedding services (Ollama at localhost:11434, OpenAI API) and vector databases (Qdrant, Weaviate, Milvus). While these are legitimate and expected for vector store functionality, they represent external communication that users should be aware of.