Zvec Local RAG Service

The skill's files, runtime instructions, and requested tools are coherent with its stated purpose (a local RAG/semantic-search service) and do not request unrelated credentials or suspicious network access by default.

This skill appears to do what it claims, but follow basic precautions before enabling persistence or opening it to the network: 1) Inspect the generated plist (~/Library/LaunchAgents/com.openclaw.zvec-rag-service.plist) before bootstrap/start. 2) Keep Ollama local by default; do not set ALLOW_REMOTE_OLLAMA=true or ALLOW_NON_LOOPBACK_HOST=true unless you understand the network exposure. 3) Audit the npm dependency @zvec/zvec (node_modules) before running npm install if you need high assurance. 4) Run the service under your user account and back up any important data stored under ~/.openclaw/data/zvec-rag-service. 5) If you need stronger isolation, run the service inside a container or VM. If you have specific security policies or limited trust in third-party npm packages, treat the npm install step as the primary risk vector.