ClawHub

ragflow-skill-python

v1.0.0

Use for RAGFlow dataset tasks: create, list, inspect, update, or delete datasets; upload, list, update, or delete documents; start or stop parsing; check par...

0· 19·0 current·0 all-time
bychang@liberalchang·duplicate of @redredrrred/rrragflow-skill·canonical: @caesergattuso/1234
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included scripts and required items: python3 and RAGFLOW_API_URL / RAGFLOW_API_KEY. All declared requirements are directly needed for calling the RAGFlow HTTP API and running the bundled Python scripts.
Instruction Scope
SKILL.md restricts the agent to using the bundled scripts and to prefer --json. Scripts only read the declared env vars and (where applicable) user-provided file paths for uploads; they perform HTTP calls to the configured RAGFlow API. Guardrails for deletes and parsing are explicit.
Install Mechanism
No install spec is provided (instruction-only installation). The skill bundles Python scripts to be executed by python3; there is no external download/install step that would fetch arbitrary code at runtime.
Credentials
Only RAGFLOW_API_URL and RAGFLOW_API_KEY are required and the primary credential is the API key. No unrelated secrets, cloud provider creds, or system-wide config paths are requested.
Persistence & Privilege
always is false and the skill does not request persistent system privileges or modify other skills. Autonomous invocation is allowed (platform default) but not combined with elevated privileges here.
Assessment
This skill appears to be a straightforward client for a RAGFlow HTTP API. Before installing: (1) ensure RAGFLOW_API_URL points to a trusted RAGFlow server you control or trust — the scripts will send files and API requests there; (2) treat RAGFLOW_API_KEY as a secret (it is used in Authorization headers); (3) when uploading, only provide files you intend to send to that server; (4) the SKILL.md includes safe guardrails (explicit confirmation for deletes, separate parse start), but confirm the agent follows those in practice; (5) if you need higher assurance, review the omitted/truncated script contents (upload.py and others) locally to verify no additional network endpoints or hidden behavior are present.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ch3x1c1evjy79rd8xysgg1s853kx3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspython3
EnvRAGFLOW_API_URL, RAGFLOW_API_KEY
Primary envRAGFLOW_API_KEY

Comments