ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

RAG Search

v0.1.1

Backend retrieval skill for structured search of occupational health standards and documents, returning relevant text with source and clause details.

2· 2.5k·16 current·18 all-time
by@loda666
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, SKILL.md and handler.py consistently implement a minimal RAG search against a local vector DB for occupational-health regulations. However, the code requires a specific workspace layout (/root/.openclaw/workspace/rag_system/...) and a vectors.db file that are not declared in the skill metadata (no required config paths). That mismatch (implicit dependency on a local repo) is unexpected and should be justified.
!
Instruction Scope
SKILL.md describes only querying and returning original text. The implementation imports modules from an absolute path and reads /root/.openclaw/.../data/vectors.db. The handler returns raw document content from the DB (potentially sensitive). SKILL.md also warns this is a backend-only component, but the skill metadata does not mark any special protection; the instructions/code will access local files outside the skill bundle at runtime.
Install Mechanism
There is no install spec and no remote downloads; the skill is instruction-only aside from a local handler.py. This minimizes installation risk because nothing is fetched or written by an install step.
!
Credentials
handler.py instantiates QwenEmbeddingClient and QwenRerankClient which likely require API credentials or network access, but the skill declares no required environment variables or primary credential. Additionally, it relies on a hard-coded filesystem path rather than a declared config path. Missing declarations (API keys, DB path) are incoherent and could hide secret requirements or unexpected network calls.
Persistence & Privilege
The skill does not request always:true and does not modify system configs. However it alters sys.path at runtime to import code from /root/.openclaw/workspace, granting it access to other code and data in that workspace—this pattern increases its blast radius compared with a self-contained skill.
What to consider before installing
The code implements a local RAG query but relies on an absolute workspace path and external embedding/rerank clients while declaring no config paths or credentials. Before installing: (1) confirm the runtime will host /root/.openclaw/workspace/rag_system/data/vectors.db and that returning raw DB content is acceptable; (2) ask the author for the implementations of embedding_client and search_pipeline (they may require API keys or network access); (3) require the skill manifest to declare any required config paths and env vars (e.g., API keys, DB location); (4) review embedding/rerank client code for outbound network calls or credential usage to avoid secret exfiltration; (5) avoid exposing this skill directly to end users until these questions are resolved.

Like a lobster shell, security has layers — review code before you run it.

knowledge-basevk977aew11mc4mrbcmawmxefjk980q7hklatestvk977aew11mc4mrbcmawmxefjk980q7hkragvk977aew11mc4mrbcmawmxefjk980q7hksearchvk977aew11mc4mrbcmawmxefjk980q7hk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments