LightRAG Knowledge Base

What to consider before installing: - The SKILL.md requires OpenAI/embedding API keys, a LIGHTRAG_API_KEY, and a JWT secret but the registry entry declares none — expect to supply sensitive credentials. Use dedicated, low-privilege/budget-limited keys if possible. - The setup will read and index files from ~/.openclaw (SOUL.md, USER.md, memory/*.md) and symlink scripts into multiple agent workspaces. That gives the service access to potentially sensitive agent profiles and logs; review which files will be indexed and explicitly exclude secrets before indexing. - The Docker image 'lightrag/lightrag:latest' is pulled from Docker Hub; verify the image source (official repo, signed image, or build from audited source) before running in production. - Run initially in an isolated environment (separate VM/container, limited network access) and test indexing behavior and exposed ports. Confirm the service binds to localhost and that no unintended port forwarding or proxying exposes it externally. - Inspect the lightrag_insert/query scripts and any auto-index cron scripts referenced in the README to ensure they don't exfiltrate data or call unexpected endpoints. Search for any third-party endpoints or hardcoded remote hosts. - If you want to proceed: restrict which files are indexed, use separate API keys with usage limits, rotate keys after testing, and consider enabling application-level access controls on the LightRAG instance. - Ask the publisher for a canonical homepage/repo and signed release artifacts so you (or a security reviewer) can audit the Docker image and any code before trusting it.