ClawRAG - Self-hosted RAG & Memory
Self-hosted RAG engine with hybrid semantic and keyword search, document ingestion, local privacy, and seamless OpenClaw integration via Docker.
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 0 · 1.1k · 5 current installs · 5 all-time installs
MIT-0
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md describes a ClawRAG connector (self‑hosted RAG via Docker, an MCP server) which aligns with the skill name. However the registry metadata provides no description and omits expected requirements (Docker, docker-compose). This mismatch is an authoring/metadata gap rather than an obvious functional mismatch.
Instruction Scope
Instructions are narrowly scoped to: clone a GitHub repo, copy .env.example -> .env, run docker compose, add an MCP via npx, and verify the local HTTP health endpoint. They do not instruct reading unrelated host files or exfiltrating data, but they do require executing network‑fetched code and running containers on the host.
Install Mechanism
There is no formal install spec, but runtime steps fetch code from a personal GitHub repo (https://github.com/2dogsandanerd/ClawRag.git), run docker compose (images unspecified), and invoke npx to fetch @clawrag/mcp-server from npm. Those are legitimate for this purpose but involve running unreviewed third‑party code and container images — higher risk than an instruction‑only skill that uses only built‑in tooling.
Credentials
Registry metadata declares no required environment variables, but SKILL.md states you may need OpenAI/Anthropic API keys (and creates a .env from .env.example). This is an inconsistency: the skill may require sensitive API keys and environment configuration that are not declared in metadata, so users might be surprised to need to provide secrets.
Persistence & Privilege
The skill does not request always:true and does not claim to modify other skills or system settings. It does ask you to register an MCP connector via openclaw mcp add (expected for its purpose). Autonomous invocation is allowed (platform default) but not a new privilege here.
What to consider before installing
This connector is plausible for a self‑hosted RAG setup, but take these precautions before installing:
- Expect to run Docker and docker‑compose; the skill metadata failed to list Docker as a requirement. Don't run it on a critical host without isolation.
- The instructions clone a personal GitHub repo and call npx to fetch a package — review the repository and the npm package code, or inspect the package contents locally, before executing. npx will run code fetched from npm.
- Check the .env.example file (do not blindly copy secrets). The skill mentions OpenAI/Anthropic API keys which are sensitive; only provide keys if you understand why they're needed and consider using limited/rotated keys.
- Inspect which Docker images the compose file pulls; untrusted images can execute arbitrary code on your machine. Prefer running in a sandboxed VM or dedicated host.
- Verify the project’s maintainer reputation, GitHub commit history, and npm package versions (avoid unpublished or unverified packages if possible).
If you want a lower‑risk path: deploy to an isolated environment, audit the repo and docker compose YAML, and supply only the minimal credentials required.Like a lobster shell, security has layers — review code before you run it.
Current versionv1.2.0
Download zipdocumentslatestlocal-aimcpmemoryprivacyragsearchself-hostedvector
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
ClawRAG Connector
The Brain for OpenClaw - Self-hosted RAG engine with hybrid search.
⚠️ This skill requires Docker. It connects OpenClaw to your local ClawRAG instance.
What is ClawRAG?
Production-ready RAG infrastructure that keeps your data local:
- 🔒 Privacy-first: Vector DB runs on your machine
- 🔍 Hybrid Search: Semantic + Keyword (BM25) + RRF ranking
- 📄 Smart Ingestion: PDFs, Office docs, Markdown via Docling
- 🧠 MCP-native: Seamless OpenClaw integration
Installation
Step 1: Start ClawRAG (Docker)
git clone https://github.com/2dogsandanerd/ClawRag.git
cd ClawRag
cp .env.example .env
docker compose up -d
Wait for http://localhost:8080/health to return OK.
Step 2: Connect OpenClaw
openclaw mcp add --transport stdio clawrag npx -y @clawrag/mcp-server
Verification
Test your setup:
curl http://localhost:8080/api/v1/rag/collections
Features
| Capability | Description |
|---|---|
| Document Upload | PDF, DOCX, TXT, MD via API or folder |
| Hybrid Query | Vector similarity + keyword matching |
| Citations | Source tracking for all answers |
| Multi-Collection | Organize knowledge by project |
Requirements
- Docker + Docker Compose
- 4GB+ RAM (8GB recommended for local LLM)
- Or: OpenAI/Anthropic API key for cloud LLM
Architecture
OpenClaw ◄──MCP──► @clawrag/mcp-server ◄──HTTP──► ClawRAG API (localhost:8080)
│
▼
┌─────────────┐
│ ChromaDB │
│ (vectors) │
└─────────────┘
Links
- 📚 Full Docs: https://github.com/2dogsandanerd/ClawRag#readme
- 🔧 API Reference: http://localhost:8080/docs (when running)
- 🐛 Issues: https://github.com/2dogsandanerd/ClawRag/issues
- 📦 MCP Package: https://www.npmjs.com/package/@clawrag/mcp-server
Tags
rag, vector, memory, search, documents, self-hosted, privacy, mcp, local-ai
Metadata für ClawHub-Upload:
| Feld | Wert |
|---|---|
| Slug | clawrag |
| Display name | ClawRAG - Self-hosted RAG & Memory |
| Version | 1.2.0 |
| Tags | rag, vector, memory, search, documents, self-hosted, privacy, mcp, local-ai |
Changelog für Version 1.2.0
1.2.0 - Initial ClawHub Release
- Connector skill for OpenClaw integration
- MCP server support (@clawrag/mcp-server v1.1.0)
- Docker-first deployment
- Hybrid search (Vector + BM25)
Files
1 totalSelect a file
Select a file to preview.
Comments
Loading comments…