Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

FileChat RAG

Search, retrieve, and chat with documents securely stored in ANY Google Drive folder using semantic vector search (RAG). Use when: (1) a user asks to save a...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 48 · 0 current installs · 0 all-time installs
Security Scan
VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match the code: scripts list, download, OCR, chunk, embed, and query Google Drive documents. However the registry metadata declares no required environment variables or primary credential even though the skill requires GEMINI_API_KEY or OPENAI_API_KEY and Google Drive credentials at runtime — that mismatch is problematic and unexpected.
Instruction Scope
SKILL.md and the code instruct the agent to read ./skills/filechat/.env, run sync/query via node scripts, and call the Google Workspace CLI (gws/npx) to download files into the workspace. Those actions are within the declared purpose (indexing Drive content). The instructions do explicitly require the agent to download potentially sensitive files and send text/image bytes to external embedding/OCR endpoints (Gemini/OpenAI), which is expected for a RAG tool but should be highlighted as sensitive.
Install Mechanism
Install uses npm to provide @googleworkspace/cli (gws) and runs npm install inside the skill folder. This is a standard mechanism (no random download URLs). The code uses execSync + npx to invoke the CLI at runtime; that’s moderate risk because it executes external processes but is consistent with the stated functionality.
Credentials
The registry lists no required env vars, but the runtime requires EMBEDDING_PROVIDER and GEMINI_API_KEY or OPENAI_API_KEY (and implicitly Google Workspace auth for gws). API keys are stored/referenced in ./skills/filechat/.env per instructions. The code also appends the GEMINI_API_KEY to request URLs (key in query param) which is poor practice and increases leakage risk. The skill asks for access to all files in a Drive folder — proportional to purpose, but the undeclared and potentially exposed credentials are a concern.
Persistence & Privilege
The skill is not always-enabled; it runs when invoked and writes a per-folder JSON vector DB and temporary downloaded files to the workspace. Writing its own DB and temp files is consistent with purpose. No evidence it modifies other skills or system-wide settings.
What to consider before installing
This skill does what it claims (index and query Google Drive folders) but has several things you should confirm before installing:
- The registry metadata does NOT declare required env vars, yet the skill needs EMBEDDING_PROVIDER plus GEMINI_API_KEY or OPENAI_API_KEY and Google Drive auth. Ask the author to declare these in the registry metadata so you know what secrets will be needed.
- The skill will download files from your Drive into the agent workspace and send file text (and image bytes for OCR) to external embedding/OCR APIs (Gemini/OpenAI). Do not point it at folders containing highly sensitive data unless you trust the environment and embedding provider.
- API key handling has issues: GEMINI API key is sent as a query parameter to Google endpoints (increasing leakage risk) and keys are stored in a plaintext .env file under ./skills/filechat/.env. Prefer using safer secret storage and avoid query-string keys.
- The skill relies on the Google Workspace CLI (npx @googleworkspace/cli). Ensure you understand and control how gws is authenticated (OAuth or service account). Verify the auth scope the CLI will use so it only has access to the intended folder(s).
- The code uses execSync and npx to run external commands and writes temporary files to the workspace; consider running the skill in an isolated/non-sensitive workspace first and review logs and temporary files to confirm deletion behavior.

Recommended actions before use: request the developer to update registry metadata to list required env vars; review/confirm Google Workspace CLI auth flow and scopes; store keys in a secure secrets store rather than a plaintext .env; and test on non-sensitive folders first.
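The query-string key issue raised in the scan, shown as the same embedding request built both ways plus a redaction helper for URLs that reach logs. This is an added example, not FileChat's code; the endpoint path, model name, body shape and function names are assumptions, since the page does not show the request the skill builds.

```javascript
// Added example (not FileChat's code). Endpoint, model name and body shape
// are assumptions; the page does not show the request the skill builds.
const GEMINI_BASE = "https://generativelanguage.googleapis.com/v1beta";
const MODEL = "text-embedding-004"; // assumed model, for illustration

function embedBody(text) {
  return JSON.stringify({ content: { parts: [{ text }] } });
}

// Flagged pattern: the key becomes part of the URL, so it is copied into
// proxy and access logs, error messages and stack traces that print the URL.
function requestWithKeyInUrl(apiKey, text) {
  const url = new URL(`${GEMINI_BASE}/models/${MODEL}:embedContent`);
  url.searchParams.set("key", apiKey);
  return {
    url: url.toString(),
    init: { method: "POST", headers: { "Content-Type": "application/json" }, body: embedBody(text) },
  };
}

// Corrected pattern: same call, key carried in the x-goog-api-key header.
function requestWithKeyInHeader(apiKey, text) {
  return {
    url: `${GEMINI_BASE}/models/${MODEL}:embedContent`,
    init: {
      method: "POST",
      headers: { "Content-Type": "application/json", "x-goog-api-key": apiKey },
      body: embedBody(text),
    },
  };
}

// Log hygiene for code that cannot be changed yet: mask credential-like
// query parameters before a URL is written to logs or error reports.
const SECRET_PARAM = /^(key|api[_-]?key|access_token|token)$/i;
function redactUrl(rawUrl) {
  const url = new URL(rawUrl);
  for (const name of [...new Set(url.searchParams.keys())]) {
    if (SECRET_PARAM.test(name)) url.searchParams.set(name, "REDACTED");
  }
  return url.toString();
}

const SAMPLE_KEY = "CONSTRUCTED-KEY-0000"; // constructed value, not a real key
const weak = requestWithKeyInUrl(SAMPLE_KEY, "hello");
const fixed = requestWithKeyInHeader(SAMPLE_KEY, "hello");
console.log(redactUrl(weak.url));
console.log("key in fixed URL:", fixed.url.includes(SAMPLE_KEY));
```

When reviewing sync.js and query.js, the thing to look for is any string concatenation or `searchParams` call that places the key into the URL.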
sync.js:33: Shell command execution detected (child_process).
query.js:15: Environment variable access combined with network send.
sync.js:16: Environment variable access combined with network send.
query.js:24: File read combined with network send (possible exfiltration).
sync.js:125: File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.1
latest: vk974ycnva0xvexbx40b7dpr4kh83e1h2

Runtime requirements

Bins: node, npm, gws

Install

Install Google Workspace CLI
Bins: gws
npm i -g @googleworkspace/cli

SKILL.md

FileChat RAG Skill

Your personal RAG (Retrieval-Augmented Generation) document library backed by Google Drive. Supports multiple Google Drive folders dynamically and allows choosing between Gemini or OpenAI for embeddings.

Setup & Bootstrap

If the user asks to use FileChat or asks a question about their files, FIRST verify that the required environment variables are set in /workspace/skills/filechat/.env:

  1. EMBEDDING_PROVIDER (either gemini or openai)
  2. GEMINI_API_KEY or OPENAI_API_KEY (depending on the provider)

If they are missing, STOP and ask the user to provide them. Create the .env file like this:

echo "EMBEDDING_PROVIDER=gemini" > ./skills/filechat/.env
echo "GEMINI_API_KEY=your_key_here" >> ./skills/filechat/.env

How to Sync the Library

When the user asks to "sync", "flush", or "update" a specific FileChat folder, you must run the ingestion script. This connects to Google Drive, downloads all new/changed files (including PDFs, resolving shortcuts, and traversing sub-folders), chunks the text, gets embeddings, and saves them to a local JSON vector database keyed by the Folder ID.

You must supply the FOLDER_ID to the script. If you don't know the folder ID the user wants, ask them.

cd ./skills/filechat && node sync.js <FOLDER_ID>

How to Answer User Questions (RAG)

When a user asks a question about the contents of their documents, you MUST query the local vector store to fetch the relevant text chunks. You need the Folder ID.

cd ./skills/filechat && node query.js <FOLDER_ID> "What does my medical discharge say?"

The output will give you the most relevant text snippets, the original file names, and the Google Drive File IDs. Use the text snippets to formulate a comprehensive answer for the user. Always cite the file name you are referencing.

How to Retrieve and Send a Physical File

If the user asks for the actual file (e.g., "Send me the discharge PDF"), first find the File ID using the query script.

Then, use the gws CLI to download the file into your workspace:

gws drive files get --params '{"fileId": "<FILE_ID>", "alt": "media"}' --output /workspace/discharge.pdf

Then, reply to the user using the OpenClaw media attachment syntax: MEDIA:/workspace/discharge.pdf to send the physical file directly to their chat window.

How to Store a New File for the User

If the user uploads a file and asks you to "store" or "save" it:

  1. Upload it to their specific FileChat Google Drive folder using gws:
    gws drive files create \
      --json '{"name": "filename.pdf", "parents": ["<FOLDER_ID>"]}' \
      --upload /path/to/uploaded/file.pdf
    
  2. Trigger the sync process so the new file is immediately readable by the vector database:
    cd ./skills/filechat && node sync.js <FOLDER_ID>
    

Files

6 total