ClawHub

Volcengine Ai Search Rag

v1.0.0

Retrieval and RAG workflow on Volcengine AI stack. Use when users need embedding search, document indexing, top-k retrieval, grounding prompts, or search relevance tuning.

0· 982·0 current·0 all-time
by@cinience
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill is explicitly about Volcengine embeddings, indexing, and retrieval, but it declares no required environment variables, no primary credential, and no configuration paths. A real Volcengine integration would normally require API keys/endpoint config; that mismatch suggests the skill is incomplete or expects credentials to be supplied out-of-band.
Instruction Scope
SKILL.md contains high-level, reasonable RAG workflow steps (chunking, embedding generation, indexing, retrieval, grounding). It does not instruct reading arbitrary system files or exfiltrating data, but it is vague about where the corpus comes from and how credentials/endpoints are supplied, which gives the agent broad discretion at runtime.
Install Mechanism
No install spec and no code files are present (instruction-only). This minimizes disk-level risk — nothing is downloaded or executed by default.
!
Credentials
No environment variables or credentials are declared despite the skill targeting a cloud service. Expecting no credentials is unusual for a cloud-based embedding/search integration and could hide implicit assumptions about where API keys are stored or supplied.
Persistence & Privilege
The skill is not always-enabled, is user-invocable, and does not request system-wide config changes. It does not ask to modify other skills or agent settings.
What to consider before installing
This skill appears to be a high-level RAG template for Volcengine but does not state how or where it will access the Volcengine API (no API keys, endpoints, or config paths declared). Before installing or enabling it: (1) ask the publisher how credentials are supplied and where network calls will go (expected: VOLCENGINE_API_KEY, endpoint URL, region); (2) require explicit use of secure secret storage (do not paste keys into prompts); (3) test in a restricted environment to observe outbound network calls; (4) if you plan to let the agent index private data, confirm the skill's handling of sensitive documents and retention policy. Because of the missing credential/config details, treat this as incomplete and verify those gaps prior to use.

Like a lobster shell, security has layers — review code before you run it.

latestvk97atnmdx7je10mjfh4ypx15p180z4f5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments