ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

RAGLite

Local-first RAG cache: distill docs into structured Markdown, then index/query with Chroma + hybrid search (vector + keyword).

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 1.2k · 0 current installs · 0 all-time installs
byViraj Sanghvi@VirajSanghvi1
duplicate of @VirajSanghvi1/raglite
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill claims to be a local-first RAG cache (Chroma + ripgrep) but the registry metadata only requires python3/pip; the SKILL.md also lists ripgrep and a reachable Chroma server as prerequisites. The SKILL.md further advertises OpenClaw as the default condensation engine, which implies network interaction outside the local components — this is not reflected in the declared requirements. In short: some required tools and network dependencies the docs mention (rg, OpenClaw gateway) are not declared in the skill metadata.
!
Instruction Scope
Runtime instructions and the entrypoint script automatically inject '--engine openclaw' when the user does not supply an --engine argument, which will cause the tool to use the OpenClaw gateway by default (possible remote model service). That can result in document content being sent off-machine unless the user explicitly overrides the engine. The SKILL.md mentions OPENCLAW_GATEWAY_TOKEN but the skill does not declare or require that env var — the runtime instructions therefore rely on an undocumented sensitive variable and network endpoint.
!
Install Mechanism
Installation is via pip from a GitHub repository using the @main ref (git+https://github.com/VirajSanghvi1/raglite.git@main). Installing from an unpinned main branch means you fetch whatever is on that branch at install time (no fixed release, no checksum). pip installing a remote VCS package can execute package install hooks; while common, it is a higher-risk install method than a pinned release from a verified registry.
!
Credentials
The registry lists no required env vars but the documentation references OPENCLAW_GATEWAY_TOKEN when using the OpenClaw engine. That is a sensitive credential-like variable and should be declared if the skill expects it. Also the skill expects ripgrep and a reachable Chroma server, but these binaries/network services are not declared in the metadata. The mismatch between declared and actual env/network needs is disproportionate and could surprise users.
Persistence & Privilege
The skill does not request permanent inclusion (always:false), does not modify other skills or system-wide settings, and confines installed packages to a skill-local virtual environment. Entrypoint execution is normal for an exec-style skill.
What to consider before installing
Key things to check before installing/using RAGLite: - Understand the default engine behavior: the provided wrapper script will inject '--engine openclaw' if you don't pass --engine yourself, which causes the tool to use the OpenClaw gateway by default. That may send distilled document content to that gateway — do not run it on sensitive docs unless you trust the gateway and its operator. - OPENCLAW_GATEWAY_TOKEN is referenced in the docs but not declared in the skill metadata. Treat that as a sensitive credential: only set it if you trust the gateway and understand where requests go. - The install performs 'pip install git+...@main' (unpinning to main). Review the GitHub repo (https://github.com/VirajSanghvi1/raglite) before installing, and prefer a pinned release or commit SHA to avoid unexpected changes. Consider auditing the package's setup/entry points. - Ensure required local dependencies are present: python3 (3.11+), pip, ripgrep (rg) for keyword search, and a Chroma server if you intend to index locally. The skill metadata only listed python3/pip — install rg yourself if you need keyword matching. - If you want strictly local operation, explicitly pass a local engine (do not rely on the default) and confirm the tool is not configured to point to a remote Chroma instance or gateway. Run the install in an isolated environment (VM/container) if you want to limit risk. - If unsure, request the upstream repository URL and review its code (especially any install-time hooks) or ask the provider to publish a tagged release and declare required env vars.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97846419gadmv6naj63pjrbqn80j1eg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔎 Clawdis
OSmacOS · Linux
Binspython3, pip

SKILL.md

RAGLite — a local RAG cache (not a memory replacement)

RAGLite is a local-first RAG cache.

It does not replace model memory or chat context. It gives your agent a durable place to store and retrieve information the model wasn’t trained on — especially useful for local/private knowledge (school work, personal notes, medical records, internal runbooks).

Why it’s better than “paid RAG” / knowledge bases (for many use cases)

  • Local-first privacy: keep sensitive data on your machine/network.
  • Open-source building blocks: Chroma 🧠 + ripgrep ⚡ — no managed vector DB required.
  • Compression-before-embeddings: distill first → less fluff/duplication → cheaper prompts + more reliable retrieval.
  • Auditable artifacts: the distilled Markdown is human-readable and version-controllable.

If you later outgrow local, you can swap in a hosted DB — but you often don’t need to.

What it does

1) Condense ✍️

Turns docs into structured Markdown outputs (low fluff, more “what matters”).

2) Index 🧠

Embeds the distilled outputs into a Chroma collection (one DB, many collections).

3) Query 🔎

Hybrid retrieval:

  • vector similarity via Chroma
  • keyword matches via ripgrep (rg)

Default engine

This skill defaults to OpenClaw 🦞 for condensation unless you pass --engine explicitly.

Prereqs

  • Python 3.11+
  • For indexing/query:
    • Chroma server reachable (default http://127.0.0.1:8100)
  • For hybrid keyword search:
    • rg installed (brew install ripgrep)
  • For OpenClaw engine:
    • OpenClaw Gateway /v1/responses reachable
    • OPENCLAW_GATEWAY_TOKEN set if your gateway requires auth

Install (skill runtime)

This skill installs RAGLite into a skill-local venv:

./scripts/install.sh

It installs from GitHub:

  • git+https://github.com/VirajSanghvi1/raglite.git@main

Usage

One-command pipeline (recommended)

./scripts/raglite.sh run /path/to/docs \
  --out ./raglite_out \
  --collection my-docs \
  --chroma-url http://127.0.0.1:8100 \
  --skip-existing \
  --skip-indexed \
  --nodes

Query

./scripts/raglite.sh query ./raglite_out \
  --collection my-docs \
  --top-k 5 \
  --keyword-top-k 5 \
  "rollback procedure"

Outputs (what gets written)

In --out you’ll see:

  • *.tool-summary.md
  • *.execution-notes.md
  • optional: *.outline.md
  • optional: */nodes/*.md plus per-doc *.index.md and a root index.md
  • metadata in .raglite/ (cache, run stats, errors)

Troubleshooting

  • Chroma not reachable → check --chroma-url, and that Chroma is running.
  • No keyword results → install ripgrep (rg --version).
  • OpenClaw engine errors → ensure gateway is up and token env var is set.

Pitch (for ClawHub listing)

RAGLite is a local RAG cache for repeated lookups.

When you (or your agent) keep re-searching for the same non-training data — local notes, school work, medical records, internal docs — RAGLite gives you a private, auditable library:

  1. Distill to structured Markdown (compression-before-embeddings)
  2. Index locally into Chroma
  3. Query with hybrid retrieval (vector + keyword)

It doesn’t replace memory/context — it’s the place to store what you need again.

Files

4 total
Select a file
Select a file to preview.

Comments

Loading comments…