Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ragflow API Client

Universal client for Ragflow API enabling dataset management, document upload, and running chat queries against self-hosted RAG knowledge bases.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (Ragflow API client) match the included CLI and library. Required binary is node, which is appropriate. The functions and REST endpoints in code align with dataset management, uploads, parsing, and retrieval described in the SKILL.md.
Instruction Scope
SKILL.md instructs the agent to use RAGFLOW_URL and RAGFLOW_API_KEY and run the provided node scripts. The code only reads the declared env vars, reads local files only when given an explicit path, and sends requests to the configured RAGFLOW_URL. There are no instructions to read unrelated system files or exfiltrate data to other endpoints.
Install Mechanism
No install spec is provided (instruction-only), and the included code is plain JS. No external downloads or archive extraction are performed by an installer. This is low-risk from an install perspective.
Credentials
The SKILL.md and code require RAGFLOW_URL and RAGFLOW_API_KEY (appropriate and proportionate). However, the registry summary at the top of the report listed 'Required env vars: none' which contradicts the SKILL.md and code; this is a metadata inconsistency that should be resolved before trusting automated deployment/permission tooling.
Persistence & Privilege
always is false and the skill does not request persistent system-wide changes or modify other skills. Autonomous invocation is allowed (platform default) but is not combined with any other elevated privileges here.
Assessment
This skill appears to be what it claims: a Node-based Ragflow API client. The primary risk is operational: the tool will upload files and send them to whatever RAGFLOW_URL you provide using the RAGFLOW_API_KEY. Only install/use it if you trust the Ragflow instance and you provide a least-privilege API key. Also note the registry metadata lists no required env vars while SKILL.md and the code require RAGFLOW_URL and RAGFLOW_API_KEY — verify that metadata mismatch before automating credential injection. Finally, avoid running the CLI in contexts where untrusted users could supply arbitrary file paths to upload sensitive data.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.2
latest vk97fsx5sepkj3csaxesekrvp05815vbw

Runtime requirements

📚 Clawdis
Bins: node

SKILL.md

Ragflow API Client

Universal client for Ragflow — self-hosted RAG (Retrieval-Augmented Generation) platform.

Features

  • Dataset management — Create, list, delete knowledge bases
  • Document upload — Upload files or text content
  • Chat queries — Run RAG queries against datasets
  • Chunk management — Trigger parsing, list chunks

Usage

# List datasets
node {baseDir}/scripts/ragflow.js datasets

# Create dataset
node {baseDir}/scripts/ragflow.js create-dataset --name "My Knowledge Base"

# Upload document
node {baseDir}/scripts/ragflow.js upload --dataset DATASET_ID --file article.md

# Chat query
node {baseDir}/scripts/ragflow.js chat --dataset DATASET_ID --query "What is stroke?"

# List documents in dataset
node {baseDir}/scripts/ragflow.js documents --dataset DATASET_ID

Configuration

Set environment variables in your .env:

RAGFLOW_URL=https://your-ragflow-instance.com
RAGFLOW_API_KEY=your-api-key

API

This skill wraps Ragflow's REST API:

  • GET /api/v1/datasets — List datasets
  • POST /api/v1/datasets — Create dataset
  • DELETE /api/v1/datasets/{id} — Delete dataset
  • POST /api/v1/datasets/{id}/documents — Upload document
  • POST /api/v1/datasets/{id}/chunks — Trigger parsing
  • POST /api/v1/datasets/{id}/retrieval — RAG query

Full API docs: https://ragflow.io/docs

Examples

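// Programmatic usage
const ragflow = require('{baseDir}/lib/api.js');

// await is only valid inside an async function in a CommonJS module.
// datasetId and documentId are supplied by the caller; documentId is the
// id of the uploaded document (how it is obtained is not shown here).
async function main(datasetId, documentId) {
  // Upload and parse
  await ragflow.uploadDocument(datasetId, './article.md', { filename: 'article.md' });
  await ragflow.triggerParsing(datasetId, [documentId]);

  // Query
  const answer = await ragflow.chat(datasetId, 'What are the stroke guidelines?');
  return answer;
}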
