RAG Search
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill’s RAG search purpose is coherent, but it depends on unreviewed helper code from a hard-coded local path and has unclear model-provider data handling.
Review or obtain the missing rag_system helper code before installing. Confirm whether Qwen embedding/reranking is local or remote, what data is sent, and ensure the vector database contains only documents you are comfortable exposing through search.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill may execute code that was not included in the reviewed package, and behavior could change depending on what files exist at that local path.
The skill imports runtime modules from an absolute workspace path outside the packaged file manifest, so invocation depends on unreviewed local code.
sys.path.insert(0, '/root/.openclaw/workspace/rag_system/scripts')
...
from search_pipeline import SearchPipeline, LiteVectorStore
from embedding_client import QwenEmbeddingClient, QwenRerankClient
Bundle and review the helper modules, declare the required path/configuration, pin or hash dependencies, and avoid importing from a broad hard-coded workspace path.
Search queries and retrieved text may be processed by an external or separately configured model provider, depending on the missing client implementation.
The reviewed code passes the user query and retrieved document snippets to Qwen-named embedding/reranking clients, but the actual client implementation, endpoint, and data-handling behavior are not included.
emb_client = QwenEmbeddingClient()
query_emb = emb_client.embed_text(query)
...
rerank_client = QwenRerankClient()
reranked = rerank_client.rerank(query, documents, top_n=top_k)
Disclose whether Qwen calls are local or remote, what data is sent, what credentials are required, and any retention/privacy controls.
If the vector database contains private, outdated, or poisoned documents, the skill may surface that content in search results.
The skill reads from a persistent local vector database and returns stored source text, which is expected for RAG but makes the database contents and provenance important.
db_path = "/root/.openclaw/workspace/rag_system/data/vectors.db"
...
"content": r['content']
Keep the vector database limited to intended documents, avoid indexing secrets, and maintain provenance/refresh controls for the RAG corpus.
