RAG Engineering
PassAudited by ClawScan on May 1, 2026.
Overview
This is an instruction-only RAG engineering guide with no code, install hooks, credentials, or hidden execution behavior; its only notable issue is that RAG projects can involve storing sensitive documents and metadata.
This skill appears safe to install as an instruction-only methodology guide. When using it to build a real RAG system, be careful about which documents you index, how long embeddings and metadata are retained, who can query them, and whether retrieved content could contain untrusted instructions or sensitive information.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used on private or regulated documents, the resulting RAG system may store and later reuse sensitive text, metadata, summaries, or retrieved context.
The skill advises building RAG pipelines that store indexed document chunks and derived context, which is central to the stated purpose but can involve persistent sensitive content.
Raw Documents → Extraction → Cleaning → Enrichment → Chunking → Embedding → Indexing
Before applying the guidance, define allowed document sources, retention rules, access controls, redaction requirements, and safeguards for untrusted retrieved content.