clawgrep

v0.1.4

Grep-like CLI with hybrid semantic and keyword search. Combines semantic embedding search with keyword matching for high-quality code and document retrieval....

⭐ 0· 109·0 current·0 all-time

byAndrew Schonhoffer@schonhoffer

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name/description match the instructions: the SKILL.md documents how to use a local clawgrep CLI and how it behaves. All required functionality (embedding model download, local cache, grep-compatible output) is consistent with a semantic+keyword search tool.

✓

Instruction Scope

The instructions only tell the agent/user to run the clawgrep binary, install it via cargo/npm/pip if missing, and to search user-specified paths. They do not instruct reading unrelated system files, exfiltrating data, or accessing unrelated credentials. The SKILL.md explicitly recommends not searching the whole filesystem.

ℹ

Install Mechanism

There is no install spec in the registry (instruction-only). SKILL.md states the clawgrep binary will — on first run — download a ~30 MB ONNX model from Hugging Face and cache it locally. That network activity is expected for embedding-based tools but is the primary vector to be aware of (initial download only).

✓

Credentials

The registry lists no required environment variables or credentials. SKILL.md documents optional env vars (CLAWGREP_CACHE_DIR, CLAWGREP_CONFIG, CLAWGREP_VERBOSE, NO_COLOR, RUST_LOG) that are reasonable for a CLI and are not required secrets.

✓

Persistence & Privilege

The skill is not always-enabled and does not request any persistent platform privileges. It does reference a local cache directory (standard for this use case) but does not modify other skills or system-wide settings.

Assessment

This skill is a documentation/instruction wrapper for the external clawgrep CLI rather than executable code. Before installing/using clawgrep: (1) install the clawgrep binary from the repository linked in the SKILL.md or build it locally (cargo/npm/pip as appropriate) and verify that source is trustworthy; (2) be aware that the first run will download a ~30 MB ONNX model from Hugging Face (network activity) and cache it locally in ~/.cache/clawgrep or the platform-specific cache — if you need offline-only behavior, pre-download or audit that step; (3) the skill itself does not request credentials or perform exfiltration, but the binary will read whatever paths you ask it to search, so avoid running it over the entire filesystem if you are concerned about sensitive data; (4) if you need higher assurance, inspect the upstream GitHub project and/or build the binary from source before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk974kvvwtdf7r8dyp1p5cs2z8h83rbap

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

clawgrep

License

Comments