ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

RAGLite - Local Expandable Library AI Library

Local-first RAG cache: distill docs into structured Markdown, then index/query with Chroma + hybrid search (vector + keyword).

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 1.4k · 2 current installs · 2 all-time installs
byViraj Sanghvi@VirajSanghvi1
duplicate of @VirajSanghvi1/raglite
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the scripts and SKILL.md: python3/pip are reasonable prerequisites and the scripts install and run a raglite CLI that condenses, indexes, and queries docs. The SKILL.md asks for ripgrep and a local Chroma endpoint as optional prerequisites which aligns with the hybrid search claim.
!
Instruction Scope
The runtime wrapper (scripts/raglite.sh) injects '--engine openclaw' when the user doesn't specify an engine, which forces the library to use the OpenClaw engine by default. SKILL.md states OpenClaw Gateway /v1/responses must be reachable and that OPENCLAW_GATEWAY_TOKEN may be required — but the skill does not declare that env var. This means documents you process could be sent to an external gateway or cause outbound network activity without an explicit opt-in from the user.
Install Mechanism
Installation uses pip to install directly from GitHub (git+https://github.com/VirajSanghvi1/raglite.git@main). Installing from a GitHub main branch runs code from an evolving source (moderate risk). It is better to pin a release/tag or audit the upstream repository before installing.
!
Credentials
The skill declares no required env vars, but SKILL.md references OPENCLAW_GATEWAY_TOKEN and requires a reachable OpenClaw gateway when the default engine is used. The skill may read that token from the environment if present (not declared), which is disproportionate to a purely local RAG cache and could leak data if the gateway is remote/untrusted.
Persistence & Privilege
always is false and the skill installs into a skill-local virtualenv; it does not request system-wide changes or modify other skills' configs. No elevated persistence is requested.
What to consider before installing
This skill looks like a legitimate local RAG tool, but take precautions before installing/using it: - Be aware the wrapper will default to engine 'openclaw' unless you pass --engine explicitly; that can cause documents to be sent to an OpenClaw gateway. Always pass --engine <local|ollama|etc.> if you want to avoid outbound network usage. - The install script pip-installs from github:@main. Review the upstream repository (or request a pinned release/tag) before running install.sh and prefer installing in an isolated environment (container or VM). - If you have an OPENCLAW_GATEWAY_TOKEN in your environment, the installed library may use it even though the skill did not declare it. Remove or unset tokens you don't want used, or explicitly set a safe engine. - Ensure your Chroma server is local (chroma-url default is http://127.0.0.1:8100) and that ripgrep is installed if you need keyword search. - If you need higher assurance: clone and inspect the raglite repo code (or ask the author for a signed/pinned release) and run installs in a sandbox before trusting it with sensitive documents.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk972aqz1vq9cz0z4ncfx317k4980kfyf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔎 Clawdis
OSmacOS · Linux
Binspython3, pip

SKILL.md

RAGLite — a local RAG cache (not a memory replacement)

RAGLite is a local-first RAG cache.

It does not replace model memory or chat context. It gives your agent a durable place to store and retrieve information the model wasn’t trained on — especially useful for local/private knowledge (school work, personal notes, medical records, internal runbooks).

Why it’s better than “paid RAG” / knowledge bases (for many use cases)

  • Local-first privacy: keep sensitive data on your machine/network.
  • Open-source building blocks: Chroma 🧠 + ripgrep ⚡ — no managed vector DB required.
  • Compression-before-embeddings: distill first → less fluff/duplication → cheaper prompts + more reliable retrieval.
  • Auditable artifacts: the distilled Markdown is human-readable and version-controllable.

If you later outgrow local, you can swap in a hosted DB — but you often don’t need to.

What it does

1) Condense ✍️

Turns docs into structured Markdown outputs (low fluff, more “what matters”).

2) Index 🧠

Embeds the distilled outputs into a Chroma collection (one DB, many collections).

3) Query 🔎

Hybrid retrieval:

  • vector similarity via Chroma
  • keyword matches via ripgrep (rg)

Default engine

This skill defaults to OpenClaw 🦞 for condensation unless you pass --engine explicitly.

Prereqs

  • Python 3.11+
  • For indexing/query:
    • Chroma server reachable (default http://127.0.0.1:8100)
  • For hybrid keyword search:
    • rg installed (brew install ripgrep)
  • For OpenClaw engine:
    • OpenClaw Gateway /v1/responses reachable
    • OPENCLAW_GATEWAY_TOKEN set if your gateway requires auth

Install (skill runtime)

This skill installs RAGLite into a skill-local venv:

./scripts/install.sh

It installs from GitHub:

  • git+https://github.com/VirajSanghvi1/raglite.git@main

Usage

One-command pipeline (recommended)

./scripts/raglite.sh run /path/to/docs \
  --out ./raglite_out \
  --collection my-docs \
  --chroma-url http://127.0.0.1:8100 \
  --skip-existing \
  --skip-indexed \
  --nodes

Query

./scripts/raglite.sh query ./raglite_out \
  --collection my-docs \
  --top-k 5 \
  --keyword-top-k 5 \
  "rollback procedure"

Outputs (what gets written)

In --out you’ll see:

  • *.tool-summary.md
  • *.execution-notes.md
  • optional: *.outline.md
  • optional: */nodes/*.md plus per-doc *.index.md and a root index.md
  • metadata in .raglite/ (cache, run stats, errors)

Troubleshooting

  • Chroma not reachable → check --chroma-url, and that Chroma is running.
  • No keyword results → install ripgrep (rg --version).
  • OpenClaw engine errors → ensure gateway is up and token env var is set.

Pitch (for ClawHub listing)

RAGLite is a local RAG cache for repeated lookups.

When you (or your agent) keep re-searching for the same non-training data — local notes, school work, medical records, internal docs — RAGLite gives you a private, auditable library:

  1. Distill to structured Markdown (compression-before-embeddings)
  2. Index locally into Chroma
  3. Query with hybrid retrieval (vector + keyword)

It doesn’t replace memory/context — it’s the place to store what you need again.

Files

5 total
Select a file
Select a file to preview.

Comments

Loading comments…