Local Rag Index Planner

v1.0.0

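Plan the directories, chunk granularity, naming, update times, and access boundaries of a local knowledge base, rather than piling up RAG directly; use for rag, indexing, knowledge workflows; do not use for directly deploying a vector database, ignoring permission isolation.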

by vx:17605205782@52yuanchangxing
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description match the included files: SKILL.md, README, resources/spec.json describe planning/local-audit tasks and scripts/run.py implements structured reports, directory scans, CSV reports and pattern scans. Required binary is python3 — appropriate for the included Python script. No unrelated credentials, binaries or installs are requested.
Instruction Scope
SKILL.md explicitly instructs the agent to use local template/spec files and optionally run scripts/run.py. The script reads files under any input path and scans many text file types (md, json, py, sh, csv, etc.). This is coherent for a local index planner but means the skill will read whatever input path you give it (including potentially sensitive files) — the skill itself does not exfiltrate data or contact external endpoints, but outputs could contain sensitive content if you supply sensitive inputs.
Install Mechanism
No install spec; instruction-only with an optional local Python script. No remote downloads or package installs are performed by the skill bundle. This is low-risk from an install perspective.
Credentials
The skill declares no required environment variables or credentials and only needs python3. The script reads files provided by the user but does not require unrelated tokens or secrets. Requested permissions are proportional to the stated functionality.
Persistence & Privilege
always is false and the skill does not request system-level persistence. It does not modify other skills or system-wide configs. Autonomous invocation is allowed by default (platform behavior) but is not combined with other elevated privileges.
Scan Findings in Context
[curl_pipe_bash] expected: run.py contains a regex to detect 'curl ... | bash' patterns in scanned files; this is part of the skill's pattern-audit functionality and is appropriate for catching risky content in user-supplied files.
[dangerous_rm] expected: run.py looks for 'rm -rf' patterns when scanning files. This is a detection heuristic, not an execution of such commands, and is expected for safety checks.
[base64_exec] expected: run.py includes a pattern to find base64-decode-and-exec idioms in scanned text. This is appropriate for pattern-based auditing of local code/text.
[secret_like] expected: The script scans for 'api_key|token|secret|password' patterns and redacts part of matches in the report. This supports auditing for accidental secrets in the provided inputs.
[private_url] expected: A pattern exists to flag private/internal URL paths in scanned content; again this is consistent with the skill's audit features.
Assessment
This skill appears internally consistent and only needs python3, but it will read whatever path you pass to the script (files and directories including .py/.sh/.json/.md/.csv). Before running or letting an agent invoke it: (1) do not point it at system roots or directories that contain secrets (e.g., /etc, ~/.ssh, credential stores); (2) sanitize or remove sensitive data from inputs you supply; (3) review output before sharing externally (reports may surface snippets from scanned files); (4) if you want automated/autonomous use, restrict the allowed input paths or run the script in a controlled sandbox/workspace; and (5) if you have doubts, inspect scripts/run.py yourself or run it in a safe environment to confirm behavior.


latestvk97fkg7s2hn7b38dxqz4jtsv61835cyz

Runtime requirements

🗃️ Clawdis
OS: macOS · Linux · Windows
Bins: python3
