Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Filechat

Search, retrieve, and chat with documents securely stored in ANY Google Drive folder using semantic vector search (RAG). Use when: (1) a user asks to save a...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
! Purpose & Capability
The skill's stated purpose (indexing Google Drive, embedding with Gemini/OpenAI, storing vectors locally or in Qdrant) matches the required binaries (node, npm, gws) and the code. However the registry metadata declares no required environment variables while SKILL.md and the code clearly require EMBEDDING_PROVIDER plus GEMINI_API_KEY or OPENAI_API_KEY (and optionally QDRANT_URL/QDRANT_API_KEY). This metadata omission is misleading and incoherent.
! Instruction Scope
Runtime instructions are explicit about running the Google Workspace CLI, performing an interactive OAuth login, reading/writing a .env inside ./skills/filechat, downloading/uploading files from Drive, and deleting cache files. These actions are within the stated purpose. However the repository also contains test artifacts that perform interactive authentication and include a hard-coded GEMINI API key and OAuth client credentials; those test-related instructions and files increase risk and are unexpected for a production skill.
Install Mechanism
Install uses npm to install @googleworkspace/cli (which exposes gws) and runs npm install for the skill. This is a standard, traceable npm install (no arbitrary URL downloads or extracted archives). The dependency list is broad (embedding, qdrant, pdf parsing, etc.) but consistent with the feature set.
! Credentials
The code requires embedding provider credentials (GEMINI_API_KEY or OPENAI_API_KEY) and optionally Qdrant credentials, which are reasonable for the feature set — but the registry did not declare these env vars. Critically, the repo contains test files with hard-coded credentials: a Google OAuth client_id/client_secret and a GEMINI_API_KEY-like string. These embedded secrets are unnecessary for end users and are a sensitive, unexpected inclusion.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or global agent config. It stores vector DB and meta files under its own directory and writes downloaded files to workspace paths; that behavior is expected for this functionality.
Scan Findings in Context
[hardcoded-google-oauth-credentials] unexpected: tests/credentials.json contains an OAuth client_id and client_secret. A skill indexing user Drive should not include a client_secret in the repository; test credentials in source are unexpected and sensitive.
[hardcoded-api-key] unexpected: tests/setup.js and tests/skill.test.js include a hard-coded GEMINI_API_KEY-like string (starts with 'AIza...'). Embedding an API key in source is unnecessary and risky.
[child_process-exec] expected: The code uses execSync to run npx @googleworkspace/cli commands (drive files list/get, auth login). Executing the GWS CLI is expected for this skill, but execSync runs shell commands and should be executed in a trusted environment.
What to consider before installing
  • Functionally coherent but metadata is misleading: the registry does not list the environment variables you must provide. The skill needs EMBEDDING_PROVIDER and one of GEMINI_API_KEY or OPENAI_API_KEY (and optionally QDRANT_URL / QDRANT_API_KEY) in ./skills/filechat/.env.
  • Sensitive credentials appear inside the repo's tests: tests/credentials.json contains a Google OAuth client_secret and tests reference a hard-coded GEMINI API key. Do NOT use those credentials for your account. Treat them as a red flag: they may be stale/test values, or they could be live; avoid trusting them and do not rely on embedded secrets.
  • The skill runs the Google Workspace CLI interactively (it will prompt you to authenticate and will request Drive access). Only point it at folders/accounts you trust. It will download files from any Drive folder you authorize and can upload files into Drive folders you choose.
  • Installation runs npm install and will install multiple dependencies; review package.json and package-lock if you require stricter supply-chain assurance. Run in an isolated environment (container or dedicated VM) if you decide to test it.
  • If you proceed: remove or replace the test credentials, supply your own API keys, and verify Qdrant endpoint ownership before pointing the skill at sensitive data. Consider restricting the skill to a dedicated Google account or a folder with limited data.
  • If you want a safer baseline: request the publisher to (1) update registry metadata to declare required env vars, (2) remove hard-coded credentials from the repository, and (3) publish documentation about the expected auth model and data residency for Qdrant.
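A pre-install check for the two credential findings above, as an added example that is not part of the skill or of either scanner. The function names are hypothetical, the labels reuse the scan's finding IDs, and the regular expressions are assumptions about the credential shapes the report describes (an 'AIza...' key and a client_secret JSON field).

```shell
#!/bin/sh
# Added example: scan an unpacked skill directory for hard-coded credentials.

# Google-style API keys: "AIza" followed by 35 URL-safe characters.
API_KEY_RE='AIza[0-9A-Za-z_-]{35}'
# A non-empty "client_secret" field, as in an OAuth client JSON file.
CLIENT_SECRET_RE='"client_secret"[[:space:]]*:[[:space:]]*"[^"]+"'

# Print "file:line: label" per match; the matched text is never echoed,
# so the scan output can be pasted into a ticket without leaking the value.
report_hits() {   # report_hits LABEL REGEX DIR
    find "$3" -type d -name node_modules -prune -o -type f \
        -exec grep -nE -e "$2" /dev/null {} + 2>/dev/null |
        cut -d: -f1,2 | sed "s/\$/: $1/"
}

# Returns 1 and lists the findings if the tree holds credentials, else 0.
scan_skill_secrets() {   # scan_skill_secrets DIR
    hits=$( { report_hits hardcoded-api-key "$API_KEY_RE" "$1"
              report_hits hardcoded-google-oauth-credentials "$CLIENT_SECRET_RE" "$1"
            } | sort -u )
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# Usage: sh scan.sh ./skills/filechat
[ $# -eq 0 ] || scan_skill_secrets "$1"
```

A non-zero exit makes the function usable as a gate before npm install; any key it reports should be treated as exposed regardless of whether it is still live.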
sync-all.js:17
Shell command execution detected (child_process).
sync.js:50
Shell command execution detected (child_process).
tests/setup.js:30
Shell command execution detected (child_process).
tests/skill.test.js:17
Shell command execution detected (child_process).
query.js:16
Environment variable access combined with network send.
sync.js:17
Environment variable access combined with network send.
! query.js:31
File read combined with network send (possible exfiltration).
! sync.js:140
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.


Current version: v1.0.4
latestvk97bcjt6ez0ctw6gwhy6m20btd83xceg


Runtime requirements

Bins: node, npm, gws

Install

Install Google Workspace CLI
Bins: gws
npm i -g @googleworkspace/cli

SKILL.md

FileChat RAG Skill

Your personal RAG (Retrieval-Augmented Generation) document library backed by Google Drive. Supports multiple Google Drive folders dynamically, interactive folder routing, incremental sync, choosing between Gemini or OpenAI for embeddings, and connecting to Qdrant.

Setup & Bootstrap

FIRST verify that the required environment variables are set in /workspace/skills/filechat/.env:

  1. EMBEDDING_PROVIDER (either gemini or openai)
  2. GEMINI_API_KEY or OPENAI_API_KEY
  3. Optional: QDRANT_URL and QDRANT_API_KEY (If absent, it uses local disk-based JSON).

Create the .env file like this:

echo "EMBEDDING_PROVIDER=gemini" > ./skills/filechat/.env
echo "GEMINI_API_KEY=your_key_here" >> ./skills/filechat/.env
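A hardened variant of the two echo commands plus a pre-flight check, as an added example that is not part of the skill. The variable names come from the list above; the function names, the owner-only permission requirement and the QDRANT_URL transport check are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: create and validate ./skills/filechat/.env.

# Create the file owner-only from the start. rm first: umask only applies
# to newly created files, not to an existing .env with looser permissions.
write_filechat_env() {   # write_filechat_env FILE gemini|openai KEY
    case $2 in
        gemini) name=GEMINI_API_KEY ;;
        openai) name=OPENAI_API_KEY ;;
        *) echo "provider must be gemini or openai" >&2; return 1 ;;
    esac
    ( umask 077 && rm -f "$1" &&
      printf 'EMBEDDING_PROVIDER=%s\n%s=%s\n' "$2" "$name" "$3" > "$1" )
}

# Read KEY from FILE without sourcing it, so nothing in it is executed.
env_value() {   # env_value KEY FILE
    sed -n "s/^$1=//p" "$2" | tail -n 1 | tr -d '"\r'
}

# Returns 0 when the file is usable, 1 (with reasons on stdout) otherwise.
check_filechat_env() {   # check_filechat_env FILE
    [ -f "$1" ] || { echo "missing: $1"; return 1; }
    rc=0
    case $(env_value EMBEDDING_PROVIDER "$1") in
        gemini) name=GEMINI_API_KEY ;;
        openai) name=OPENAI_API_KEY ;;
        *) echo "EMBEDDING_PROVIDER must be gemini or openai"; return 1 ;;
    esac
    case $(env_value "$name" "$1") in
        ''|your_key_here) echo "$name is empty or still the placeholder"; rc=1 ;;
    esac
    # Indexed document data goes to QDRANT_URL when it is set.
    case $(env_value QDRANT_URL "$1") in
        ''|https://*|http://localhost|http://localhost[:/]*) ;;
        http://127.0.0.1|http://127.0.0.1[:/]*) ;;
        *) echo "QDRANT_URL is remote and not https"; rc=1 ;;
    esac
    # Characters 5-10 of the ls mode string are the group/other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] ||
        { echo "$1 is accessible to group/other (chmod 600)"; rc=1; }
    return $rc
}

# Usage: sh envcheck.sh ./skills/filechat/.env
[ $# -eq 0 ] || check_filechat_env "$1"
```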

Google Workspace Authentication: Before running any commands, check if the system is authenticated by running:

npx @googleworkspace/cli auth status

If it returns an auth error or indicates no token, you MUST prompt the user to authenticate. Trigger the interactive login flow:

npx @googleworkspace/cli auth login --services drive

Wait for the user to complete the browser OAuth flow before proceeding.

Folder Management

The user can have any number of folders synced. You manage them using folders.js.

  • List Folders: cd ./skills/filechat && node folders.js list
  • Add a Folder: node folders.js add "Taxes 2026" <FOLDER_ID> (Auto-discovers the ID via gws drive files list if you don't know it!)
  • Set Default Folder: node folders.js default "Taxes 2026"

If the user asks to do something with a file/folder but doesn't specify which one, run node folders.js get-default to find the default ID. If no folders exist, ask them to set one up!

How to Sync the Library

When the user asks to "sync", "flush", or "update", you must run the ingestion script.

To sync a specific folder:

cd ./skills/filechat && node sync.js <FOLDER_ID>

To sync EVERYTHING (all folders in the registry):

cd ./skills/filechat && node sync-all.js

Note: Syncs are highly incremental and use a local cache! If a file hasn't been modified in Drive, the script will skip it instantly and output "0 chunks" embedded. This is NORMAL behavior. If you are debugging, testing, or the user specifically requests a hard flush, you MUST delete the cache files first:

rm ./skills/filechat/meta_<FOLDER_ID>.json
rm ./skills/filechat/vector_db_<FOLDER_ID>.json

How to Answer User Questions (RAG)

Query the local vector store or Qdrant for the target Folder ID to fetch relevant text chunks:

cd ./skills/filechat && node query.js <FOLDER_ID> "What does my medical discharge say?"

Use the snippets returned to answer the user.

How to Retrieve and Send a Physical File

Find the File ID using the query script, then download it:

gws drive files get --params '{"fileId": "<FILE_ID>", "alt": "media"}' --output /workspace/discharge.pdf

Reply using the media tag: MEDIA:/workspace/discharge.pdf.

How to Store a New File for the User

If the user uploads a file and asks you to save it (or implicitly sends a file per your automatic processing rules):

  1. Check their folders (node folders.js list).
  2. If they didn't specify which folder, use the default folder. If no default is set, ask them!
  3. Notify the user exactly which folder the file is being saved to.
  4. Tell the user that you are now extracting the information and saving it in a vectordb.
  5. If the file is an image or scanned document, make sure to extract the text using a vision model or OCR before it is embedded. (The sync script handles this natively).
  6. Upload it to the correct folder using gws:
    gws drive files create --json '{"name": "filename.pdf", "parents": ["<FOLDER_ID>"]}' --upload /path/to/uploaded/file.pdf
    
  7. Trigger node sync.js <FOLDER_ID> so the vector database chunks and embeds the file into the corresponding vectordb.

How to Test & Validate the Skill

If the user asks you to verify the skill is working, or if you just set it up and want to ensure end-to-end functionality, follow these exact steps:

  1. Verify Auth: Run npx @googleworkspace/cli auth status. Ensure it shows a valid token.
  2. Verify Drive Access: Do a dry-run fetch of the target folder to ensure GWS can see the files.
    npx @googleworkspace/cli drive files list --params '{"q": "'\''<FOLDER_ID>'\'' in parents and trashed = false"}'
    
    (If this fails, check folder permissions or GWS credentials.)
  3. Force a Clean Sync: Clear the cache for the test folder to guarantee a fresh run, then sync.
    rm -f ./skills/filechat/meta_<FOLDER_ID>.json ./skills/filechat/vector_db_<FOLDER_ID>.json
    node ./skills/filechat/sync.js <FOLDER_ID>
    
    (You should see files being downloaded, OCR'd, and chunks being embedded. If it says "0 chunks", verify the folder isn't empty.)
  4. Test the Vector Query: Run a generic query to verify the embeddings were saved and cosine similarity works.
    node ./skills/filechat/query.js <FOLDER_ID> "hello"
    
    (You should see a list of "Top matches" with similarity scores and text snippets. If you do, the RAG pipeline is 100% operational!)
