ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

RagClaw Knowledge Base

v0.5.0

Local-first knowledge base to index, search, and manage documents and web pages offline using SQLite and local embedding models.

1· 127·1 current·1 all-time
by@emdzej
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the provided commands and shell wrapper. The skill is instruction-only and delegates work to an external CLI (@emdzej/ragclaw-cli). Minor inconsistency: SKILL.md uses names/paths with 'kbclaw' while skill.json/storage uses 'ragclaw', which could lead to confusion about where data/config are stored.
!
Instruction Scope
Instructions are generally scoped to indexing, searching, and local storage. However, features like web crawling and 'embedder download' imply network activity (fetching pages and model weights). SKILL.md also claims 'Zero external APIs' and 'offline embeddings' which is misleading because the skill explicitly supports downloading embedders and crawling remote pages. The agent will run an external binary (ragclaw CLI), which may perform arbitrary I/O/network operations on your behalf.
Install Mechanism
No install spec is included (instruction-only). The provided kb.sh only checks for a CLI and instructs the user to install '@emdzej/ragclaw-cli' via npm. No third-party archives or obscure URLs are fetched by the skill itself.
Credentials
The skill declares no required environment variables or secrets. It optionally respects RAGCLAW_BIN to point to the CLI executable; that's reasonable but means a manipulated env var could alter which binary is executed.
Persistence & Privilege
always is false and the skill is user-invocable only. It will read/write files under user home (XDG dirs, ~/.config, ~/.local/share) which is expected for a local KB. Again, mismatch in names/paths between SKILL.md (~/.local/share/kbclaw, ~/.config/kbclaw) and skill.json (~/.local/share/ragclaw) should be clarified.
What to consider before installing
Before installing/using this skill: 1) Understand that the skill is a thin wrapper that runs a third-party CLI (@emdzej/ragclaw-cli). Review that project's source and npm package to ensure you trust its behavior (it will run on your machine and can access disk and network). 2) Expect network activity: web crawling and 'embedder download' will fetch remote content and model weights despite the 'offline' claim — if you need strictly offline behavior, disable crawling and do not download embedders. 3) Confirm where data will be written (SKILL.md uses ~/.local/share/kbclaw and ~/.config/kbclaw, but skill.json references ~/.local/share/ragclaw) and adjust or sandbox if needed. 4) Be careful with the RAGCLAW_BIN env var — if set to an untrusted program it will be executed; prefer installing the CLI from a trusted source and keep RAGCLAW_BIN unset. 5) If you require higher assurance, run the ragclaw CLI in a restricted environment (container or VM) and verify network/file activity during a test run.

Like a lobster shell, security has layers — review code before you run it.

latestvk975gc16rw7jcf7xypb5qttw8x83bh59

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments