
v1.0.0

Use for RAGFlow dataset and retrieval tasks: create, list, inspect, update, or delete datasets; list, upload, update, or delete documents in a dataset; start...

by Draculahellsing @caesergattuso
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (RAGFlow dataset and retrieval tasks) match the delivered artifacts: a suite of Python scripts that call a RAGFlow HTTP API (endpoints under /api/v1, model list path), plus SKILL.md describing when to run them. All required abilities (list/create/delete datasets, upload docs, start/stop parse, search) are implemented in the scripts.
Instruction Scope
SKILL.md instructs the agent to run the bundled scripts and to supply a base URL and API key (via file, prompt, or saved memory). The scripts will read local file paths the user provides for uploads and will send file contents to the configured base_url. This behavior is coherent with the stated purpose but means the skill will read and transmit any local files you ask it to upload.
Install Mechanism
No install spec is present (instruction-only with bundled scripts). There are no remote download/install steps, third-party package fetches, or unusual installers—scripts rely on Python standard library and are included in the skill bundle.
Credentials
The skill metadata lists no required environment variables, which is accurate for the bundle; however at runtime the scripts require a RAGFlow API key (provided via --api-key-file, interactive prompt, or saved memory file). The memory file (default: ~/.codex/memories/ragflow_credentials.json) may be written if --save-to-memory is used; storing API keys unencrypted on disk is convenient but has security implications.
Persistence & Privilege
The skill is not marked always:true and does not alter other skills. It can optionally persist base_url and api_key into a per-user memory file when the user requests --save-to-memory; this is normal but should be considered by the user before enabling.
Assessment
This skill appears to do what it says: it runs local Python scripts that call a RAGFlow server you supply and requires a RAGFlow API key. Before installing/using it: (1) confirm the base_url is a server you trust (it will receive uploaded file contents and API key Bearer tokens); (2) prefer passing the API key via a protected file (--api-key-file) rather than saving it to the default memory file; (3) avoid --save-to-memory if you don't want your API key stored unencrypted in ~/.codex/memories/; (4) only upload local files you intend to send to that server; (5) the scripts follow the SKILL.md deletion-confirmation rule, but still confirm any delete operations interactively. If you need more assurance, review the bundled scripts (they're included) and run them locally with a test server or a revocable test API key first.
