LightRAG Search Skill

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill mostly does what it says, but its helper disables HTTPS certificate checks, which exposes your LightRAG queries and API key to interception or tampering on the network.

Install only if you are comfortable editing or auditing the helper script. Before using API keys or sensitive queries, remove the TLS bypass, connect only to trusted HTTPS LightRAG servers with valid certificates, and protect ~/.lightrag_config.json.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Finding 1: TLS certificate verification disabled

What this means

A network attacker or misconfigured proxy could intercept API keys, read user queries, or tamper with returned knowledge-base context.

Why it was flagged

The helper explicitly disables HTTPS server identity and certificate validation before sending LightRAG API requests.

Skill content

ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE

Recommendation

Do not disable TLS verification by default. Use HTTPS with valid certificates, remove the CERT_NONE configuration, and only connect to trusted LightRAG servers.

Finding 2: API key stored in the local config file

What this means

Anyone who can read the local config file may be able to use the configured LightRAG API key.

Why it was flagged

The helper stores an optional LightRAG API key in the user's local configuration file for later authenticated requests.

Skill content

config["servers"][args.alias] = {
    "url": args.url,
    "api_key": args.key,
    "mode": args.mode
}

Recommendation

Store only keys with the minimum required privileges, protect the config file permissions, and remove unused keys.

Finding 3: Retrieved knowledge-base content can influence model output

What this means

If the knowledge base contains misleading text or prompt-like instructions, it may affect generated writing or decisions.

Why it was flagged

The skill is designed to feed retrieved knowledge-base content into later model work, which is normal for RAG but can influence outputs if the content is untrusted.

Skill content

Pass the resulting context to your writing task/model.

Recommendation

Treat retrieved context as untrusted reference material, verify important claims, and avoid following instructions found inside retrieved documents unless the user explicitly approves them.