ClawHub

rag-query

v1.0.1

Query the RAG knowledge base (Qdrant kb_main) by semantic search. Returns top-k chunks with text, doc_id, source, text_type, topic_tags.

0· 338·3 current·3 all-time
by@seal-re
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the implementation: the script computes an embedding and queries a Qdrant collection. Requiring QDRANT_URL and an embedding API key is appropriate. However the code also accepts alternate env names (VECTORENGINE_API_KEY, OPENAI_API_KEY) and embedding-related envs (EMBED_BASE_URL, RAG_INGEST_EMBED_MODEL) that are not documented in SKILL.md.
Instruction Scope
SKILL.md instructs running the included Node script and only lists QDRANT_URL and EMBED_API_KEY. The script only performs embedding requests and a Qdrant /collections/.../points/search call (no file reads or broad system access). Still, it sends query text to an external embedding API (default https://api.vectorengine.ai) and will use other env vars if present—this diverges from the documented instruction scope.
Install Mechanism
No install spec (instruction-only). The script requires Node on PATH, which matches the declared required binary. Nothing is downloaded or installed by the skill itself.
!
Credentials
SKILL.md declares QDRANT_URL and EMBED_API_KEY, which are reasonable. The script also reads VECTORENGINE_API_KEY, OPENAI_API_KEY, EMBED_BASE_URL, RAG_INGEST_EMBED_MODEL, and OPENAI_EMBEDDING_MODEL as fallbacks/defaults. In particular, an existing OPENAI_API_KEY in the environment would be used silently as the embedding key if EMBED_API_KEY is not set, which is an undeclared and potentially surprising use of sensitive credentials.
Persistence & Privilege
always is false and the skill does not claim to persist or modify other agent/system configs. It runs only when invoked; no elevated or persistent privileges are requested.
What to consider before installing
This skill appears to do what it says (compute an embedding and query a Qdrant collection), but review the following before installing or running: 1) The script will send your query text to an embedding service (default: https://api.vectorengine.ai). If you don't want queries leaving your environment, do not run it or change EMBED_BASE_URL to a private endpoint. 2) The script will use EMBED_API_KEY if provided, but will silently fall back to VECTORENGINE_API_KEY or OPENAI_API_KEY if those exist in your environment — supply an explicit embedding key or unset unrelated keys to avoid accidental credential usage. 3) Confirm QDRANT_URL points to the intended (ideally private) Qdrant instance. 4) If you want the documentation to fully match behavior, ask the publisher to declare all environment variables the code reads (EMBED_BASE_URL, VECTORENGINE_API_KEY, OPENAI_API_KEY, RAG_INGEST_EMBED_MODEL, OPENAI_EMBEDDING_MODEL) or remove the undocumented fallbacks. If the author updates the SKILL.md to list these env vars explicitly (or removes the fallback use of OPENAI_API_KEY), this would reduce the unexpected credential-use concern and increase confidence.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ap3qfwks3pd2e68mwta7tt182bchk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔎 Clawdis
Binsnode
EnvQDRANT_URL, EMBED_API_KEY
Primary envQDRANT_URL

Comments