Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Rag Retriever
v0.1.0提供基于文档分块、简单词频嵌入及混合向量+关键词搜索的RAG 2.0检索系统,支持中英文本和来源引用。
⭐ 0· 58·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description, README and SKILL.md match the included code and data: document chunking, simple TF embeddings, BM25, LanceDB storage and hybrid search are implemented. Minor mismatch: the code contains an OpenAIEmbedding provider that will call OpenAI's embeddings endpoint if used, but the skill's registry metadata does not declare OPENAI_API_KEY (no required env vars). This is optional behavior and coherent with the stated plan to optionally integrate OpenAI embeddings.
Instruction Scope
SKILL.md instructs only to run local CLI commands (init/add/search/rag) and use the provided JavaScript API; runtime instructions and implementation operate on local files and the included LanceDB path. There are no instructions to scan arbitrary system files or to exfiltrate agent data. The only external network call in code is to the OpenAI embeddings API when the OpenAIEmbedding provider is used, which aligns with an embedding provider.
Install Mechanism
There is no special install spec in registry metadata (instruction-only), but package.json and package-lock indicate npm install is expected. npm will pull sizeable dependencies (e.g., @huggingface/transformers, onnxruntime variants, sharp) which may compile native modules. The repository also includes local model/tokenizer JSON files (large assets) — this increases disk usage but is not inherently malicious. Review native dependency installation and disk requirements before installing.
Credentials
The skill declares no required environment variables, which is reasonable for its local/simple-embedding default. However, the OpenAIEmbedding implementation will use process.env.OPENAI_API_KEY if present or supplied — that credential is not declared in the metadata. No other credentials or unrelated env vars are requested. If you plan to use OpenAI embeddings, you must provide an API key; otherwise the default SimpleEmbedding is used.
Persistence & Privilege
The skill is not always-enabled, is user-invocable, and does not request system-wide privileges or modify other skills. It writes caches and LanceDB files to its local data/ directory (e.g., data/embedding-cache.json, data/lancedb), which is expected for a retriever and is scoped to the skill's folder.
Assessment
This skill is largely coherent with its advertised RAG retriever purpose, but please consider the following before installing: 1) npm install will fetch non-trivial native-heavy packages (transformers, onnxruntime, sharp) — verify you are comfortable with build time and disk usage and run inside a controlled environment if unsure. 2) The code includes an OpenAI embedding provider that will call https://api.openai.com/v1/embeddings if you supply an API key (process.env.OPENAI_API_KEY) — the registry metadata doesn't declare that env var, so only provide keys if you intend to use OpenAI and understand network calls. 3) The skill writes cache and database files under its local data/ directory (embedding-cache.json, LanceDB files) — ensure you trust the documents you add. 4) If you need higher assurance, review package-lock.json for dependency origins, run the skill in a sandbox/container, or audit the few JS files that perform network calls (embeddings.js) and file writes before granting credentials.src/embeddings.js:16
Environment variable access combined with network send.
src/embeddings.js:4
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.Like a lobster shell, security has layers — review code before you run it.
latestvk97bj86vyq2ygp7kxy129mfr1183myeh
License
MIT-0
Free to use, modify, and redistribute. No attribution required.