Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ragtop-planner

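A Skill for building influencer (KOL) promotion plans for external OpenClaw. Based on RAGTOP's three tool interfaces (list_kb/list_doc/retrieval), it runs a four-stage workflow: rule extraction, case summarization, influencer selection, and plan generation.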

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 290 · 1 current installs · 1 all-time installs
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description state the skill will use RAGTOP's list_kb/list_doc/retrieval APIs; the only required credential is RAGTOP_API_TOKEN (primary) and an optional RAGTOP_API_URL. Required items align with the stated function—no unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md gives detailed runtime instructions to call RAGTOP endpoints, run multi-step retrieval and LLM summarization, and return traceable citations. This stays within the planning purpose. Two practical notes: (1) the docs assume the agent can perform HTTP calls (curl examples) though no curl binary is declared; (2) the default RAGTOP_API_URL points to a private IP (http://10.71.10.71:9380), so network traffic will go to that internal host unless the user overrides it—users should confirm that host is expected and trusted.
Install Mechanism
Instruction-only skill with no install spec and no code files—nothing is downloaded or written to disk by the skill bundle itself, which is the lowest-risk install model.
Credentials
Only RAGTOP_API_TOKEN is required (primary). An optional RAGTOP_API_URL is documented. The requested environment access is proportional to a skill that must call an external RAGTOP service. No additional secret/env requests appear.
Persistence & Privilege
The skill is not forced-always, does not request persistent/privileged presence, and does not instruct modifying other skills or system-wide settings. Autonomous model invocation remains enabled (platform default) but is not a new privilege requested by the skill.
Assessment
This skill appears coherent and implements what it claims: it will call a RAGTOP service using the provided RAGTOP_API_TOKEN and optional RAGTOP_API_URL, retrieve documents, and synthesize a plan. Before installing, confirm these points:

  1. Verify you intend the agent to contact the RAGTOP host—SKILL.md defaults to an internal IP (http://10.71.10.71:9380); change RAGTOP_API_URL if that is not your service.
  2. Provide a token with the least privilege needed and confirm the token's tenant/scope; the token gives access to knowledge bases and document contents.
  3. Understand that retrieved documents and user queries will be sent to the RAGTOP service—do not use a token that grants access to sensitive data you don't want exposed.
  4. Ensure your agent environment can make outbound HTTP calls (the docs use curl) and that network routing to the default host is expected.
  5. The skill uses LLM prompts to avoid hallucinations and require traceability, but you should still review generated plans and citations before acting.

If you are concerned about autonomous invocation, restrict or audit when the skill can be used or require explicit user invocation.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.2
latestvk9724btvkxyk23mr7hzb8g66gn81zvzv

Runtime requirements

📈 Clawdis
Env: RAGTOP_API_TOKEN
Primary env: RAGTOP_API_TOKEN

SKILL.md

ragtop-planner Skill

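This Skill turns the influencer promotion planning process into an externally executable orchestration, so external services can call it without changing the backend.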

Configuration

The following environment variables must be configured:

  • RAGTOP_API_TOKEN: API token (required)
  • RAGTOP_API_URL: API base URL (optional, default http://10.71.10.71:9380)
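
A preflight check for the endpoint that will receive the bearer token, built around the default URL listed above. This is an added example, not part of the skill's own files; the function names and finding labels are assumptions, and only IPv4 literals are classified (hostnames would need a DNS lookup).

```shell
#!/bin/sh
# Added example (not from the skill): inspect where RAGTOP_API_TOKEN would be sent.
RAGTOP_DEFAULT_URL="http://10.71.10.71:9380"   # default documented in SKILL.md

# Print one finding label per line for the URL the skill would call.
ragtop_url_findings() {
  url="${1:-$RAGTOP_DEFAULT_URL}"
  [ -n "${1:-}" ] || echo "default-url-in-use"
  case "$url" in
    https://*) ;;
    http://*)  echo "cleartext-http" ;;        # bearer token readable in transit
    *)         echo "unsupported-scheme"; return 0 ;;
  esac
  host="${url#*://}"     # strip scheme
  host="${host%%/*}"     # strip path
  host="${host##*@}"     # strip userinfo
  host="${host%%:*}"     # strip port
  case "$host" in
    *[!0-9.]*|"") return 0 ;;                  # hostname or IPv6 literal: not classified here
  esac
  case "$host" in
    10.*|192.168.*|127.*|169.254.*) echo "non-public-address" ;;
    172.*)
      second="${host#172.}"; second="${second%%.*}"
      case "$second" in
        1[6-9]|2[0-9]|3[01]) echo "non-public-address" ;;   # 172.16.0.0/12
      esac ;;
  esac
}

# Return 0 only when a token is set and the target URL raises no findings.
ragtop_preflight() {
  [ -n "${RAGTOP_API_TOKEN:-}" ] || { echo "RAGTOP_API_TOKEN is not set" >&2; return 2; }
  findings="$(ragtop_url_findings "${RAGTOP_API_URL:-}" | tr '\n' ' ')"
  [ -z "$findings" ] && return 0
  echo "review before sending the token: $findings" >&2
  return 1
}
```

Run `ragtop_preflight` before the first curl call; a non-zero status means the target should be confirmed (or RAGTOP_API_URL overridden) before the token leaves the agent.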

Available tools (tool_cli)

Common prefix: ${RAGTOP_API_URL}/api/v1/ragtop/tool

1) list_kb

  • Method: POST
  • Path: /list_kb
  • Auth: Authorization: Bearer ${RAGTOP_API_TOKEN}
  • Returns (key fields): data.kbs[], data.total
curl -L -X POST "${RAGTOP_API_URL}/api/v1/ragtop/tool/list_kb" \
  -H "Authorization: Bearer ${RAGTOP_API_TOKEN}" \
  -H "Content-Type: application/json"

2) list_doc

  • Method: POST
  • Path: /list_doc
  • Required: knowledge_id
  • Returns (key fields): data.docs[], data.total
curl -L -X POST "${RAGTOP_API_URL}/api/v1/ragtop/tool/list_doc" \
  -H "Authorization: Bearer ${RAGTOP_API_TOKEN}" \
  -H "Content-Type: application/json" \
  -d '{"knowledge_id":"YOUR_KB_ID"}'

3) retrieval

  • Method: POST
  • Path: /retrieval
  • Required: knowledge_id + (query or queries)
  • Optional: doc_ids, retrieval_setting.top_k, retrieval_setting.score_threshold
  • Returns: records[] (note: this endpoint returns records directly, not data.records)
curl -L -X POST "${RAGTOP_API_URL}/api/v1/ragtop/tool/retrieval" \
  -H "Authorization: Bearer ${RAGTOP_API_TOKEN}" \
  -H "Content-Type: application/json" \
  -d '{
    "knowledge_id":"YOUR_KB_ID",
    "queries":["查询A","查询B"],
    "retrieval_setting":{"top_k":16,"score_threshold":0.3}
  }'

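FH Workflow (external execution)

Run the following four steps in order:

  1. RULES_SUMMARY: retrieve rules from the knowledge base named “方案” (plans) and summarize them into an execution checklist.
  2. CASE_SUMMARY: retrieve from the knowledge base named “案例” (cases) and summarize the patterns of success.
  3. KOL_SELECTOR: retrieve candidate influencers from the knowledge base named “价格” (prices) and generate an HTML screening table.
  4. PLAN_GENERATION: combine the rules, cases, influencer table, and user requirements to generate the final plan.

For detailed steps, see: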

  • references/workflow.md
  • references/prompts.md
  • references/error_handling.md

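Execution rules

  • Always call list_kb first and match the three knowledge base names: 方案, 案例, 价格.
  • Prefer multi-query retrieval with queries; use a single query only for simple requests.
  • If the user specifies a file scope, call list_doc first, then pass doc_ids to retrieval.
  • The final answer must include a budget compliance check (total price <= user budget).
  • Every key conclusion must be traceable to its retrieval source (document name or record source).
  • Use the name ragtop consistently in output.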

Recommended default parameters

  • Rule retrieval: top_k=24, score_threshold=0.2
  • Case retrieval: top_k=8, score_threshold=0.2
  • Price retrieval: top_k=100, score_threshold=0.1

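Failure and fallback

  • Authentication failure: prompt the user to check whether the token is valid or has expired.
  • Missing knowledge base: state explicitly which of 方案/案例/价格 is missing.
  • Empty retrieval: suggest the user refine the keywords, specify documents, or lower the threshold, then retry.
  • Budget conflict: require removing low-priority influencers until the budget is met.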

Files

4 total