ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

RagClaw Knowledge Base

v0.5.0

Local-first knowledge base to index, search, and manage documents and web pages offline using SQLite and local embedding models.

1· 204·1 current·1 all-time
by@emdzej

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for emdzej/ragclaw.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "RagClaw Knowledge Base" (emdzej/ragclaw) from ClawHub.
Skill page: https://clawhub.ai/emdzej/ragclaw
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install ragclaw

ClawHub CLI

Package manager switcher

npx clawhub@latest install ragclaw
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the provided commands and shell wrapper. The skill is instruction-only and delegates work to an external CLI (@emdzej/ragclaw-cli). Minor inconsistency: SKILL.md uses names/paths with 'kbclaw' while skill.json/storage uses 'ragclaw', which could lead to confusion about where data/config are stored.
!
Instruction Scope
Instructions are generally scoped to indexing, searching, and local storage. However, features like web crawling and 'embedder download' imply network activity (fetching pages and model weights). SKILL.md also claims 'Zero external APIs' and 'offline embeddings' which is misleading because the skill explicitly supports downloading embedders and crawling remote pages. The agent will run an external binary (ragclaw CLI), which may perform arbitrary I/O/network operations on your behalf.
Install Mechanism
No install spec is included (instruction-only). The provided kb.sh only checks for a CLI and instructs the user to install '@emdzej/ragclaw-cli' via npm. No third-party archives or obscure URLs are fetched by the skill itself.
Credentials
The skill declares no required environment variables or secrets. It optionally respects RAGCLAW_BIN to point to the CLI executable; that's reasonable but means a manipulated env var could alter which binary is executed.
Persistence & Privilege
always is false and the skill is user-invocable only. It will read/write files under user home (XDG dirs, ~/.config, ~/.local/share) which is expected for a local KB. Again, mismatch in names/paths between SKILL.md (~/.local/share/kbclaw, ~/.config/kbclaw) and skill.json (~/.local/share/ragclaw) should be clarified.
What to consider before installing
Before installing/using this skill: 1) Understand that the skill is a thin wrapper that runs a third-party CLI (@emdzej/ragclaw-cli). Review that project's source and npm package to ensure you trust its behavior (it will run on your machine and can access disk and network). 2) Expect network activity: web crawling and 'embedder download' will fetch remote content and model weights despite the 'offline' claim — if you need strictly offline behavior, disable crawling and do not download embedders. 3) Confirm where data will be written (SKILL.md uses ~/.local/share/kbclaw and ~/.config/kbclaw, but skill.json references ~/.local/share/ragclaw) and adjust or sandbox if needed. 4) Be careful with the RAGCLAW_BIN env var — if set to an untrusted program it will be executed; prefer installing the CLI from a trusted source and keep RAGCLAW_BIN unset. 5) If you require higher assurance, run the ragclaw CLI in a restricted environment (container or VM) and verify network/file activity during a test run.

Like a lobster shell, security has layers — review code before you run it.

latestvk975gc16rw7jcf7xypb5qttw8x83bh59
204downloads
1stars
1versions
Updated 1mo ago
v0.5.0
MIT-0
@emdzej
latest
Download

RagClaw Knowledge Base Skill

Local-first knowledge base for OpenClaw.

Description

Index and search your documents, code, and web pages locally. Zero external APIs, offline embeddings, SQLite-based storage.

Commands

/kb add <source>

Index a file, directory, or URL.

Examples:

/kb add ./docs/
/kb add https://docs.example.com
/kb add ~/projects/my-app/src/
/kb add https://docs.example.com --crawl --crawl-max-depth 2

Options:

  • --db <name> — Knowledge base name (default: "default")
  • --recursive — Recurse into directories (default: true)
  • --embedder <preset> — Embedder preset: nomic|bge|mxbai|minilm (default: nomic)
  • --include <pattern> — Regex filter: include only matching filenames
  • --exclude <pattern> — Regex filter: exclude matching filenames
  • --max-depth <n> — Maximum directory recursion depth
  • --max-files <n> — Maximum number of files to index
  • --crawl — Follow links from a seed URL
  • --crawl-max-depth <n> — Link traversal depth (default: 3)
  • --crawl-max-pages <n> — Max pages to fetch (default: 100)
  • --crawl-same-origin — Stay on the same domain (default: true)
  • --crawl-include <patterns> — Comma-separated URL path prefixes to include
  • --crawl-exclude <patterns> — Comma-separated URL path prefixes to exclude
  • --crawl-concurrency <n> — Concurrent fetchers (default: 1)
  • --crawl-delay <ms> — Delay between requests in ms (default: 1000)
  • --enforce-guards — Enable path/URL security guards

/kb search <query>

Search the knowledge base.

Examples:

/kb search how to configure authentication
/kb search async function error handling
/kb search "memory leak" --mode hybrid --limit 10

Options:

  • --db <name> — Knowledge base name (default: "default")
  • --limit <n> — Max results (default: 5)
  • --mode <mode> — Search mode: vector|keyword|hybrid (default: hybrid)
  • --json — Machine-readable JSON output

/kb reindex

Re-process changed sources and keep vectors up to date.

Options:

  • --db <name> — Knowledge base name (default: "default")
  • -f, --force — Force full rebuild (ignore hashes)
  • -p, --prune — Remove sources that no longer exist on disk
  • --embedder <preset> — Switch embedder and rebuild all vectors

/kb merge <source.sqlite>

Merge another knowledge base into the local one.

Options:

  • --db <name> — Destination knowledge base (default: "default")
  • --strategy <strict|reindex>strict copies vectors verbatim (same embedder required); reindex re-embeds locally (default: strict)
  • --on-conflict <skip|prefer-local|prefer-remote> — Conflict resolution (default: skip)
  • --dry-run — Preview changes without writing
  • --include <paths> — Comma-separated path prefixes to import
  • --exclude <paths> — Comma-separated path prefixes to skip

/kb status

Show knowledge base statistics (chunks, sources, vector backend, embedder).

Options:

  • --db <name> — Knowledge base name (default: "default")

/kb list

List indexed sources.

Options:

  • --db <name> — Knowledge base name (default: "default")
  • -t <file|url> — Filter by source type

/kb remove <source>

Remove a source from the index.

Options:

  • --db <name> — Knowledge base name (default: "default")
  • -y — Skip confirmation prompt

/kb embedder list

List all available embedder presets with RAM requirements and status.

/kb embedder download [preset]

Pre-download a model for offline use.

Options:

  • --all — Download all built-in presets

/kb doctor

Check system health: Node.js version, RAM, sqlite-vec status, embedder compatibility, loaded plugins.

/kb plugin list

List discovered plugins with enabled/disabled status.

/kb plugin enable <name>

Enable a plugin (use --all for all discovered plugins).

/kb plugin disable <name>

Disable a plugin.

/kb config list

Show all configuration values and their source (env / config file / default).

/kb config get <key>

Show a single config value.

/kb config set <key> <value>

Persist a config value to ~/.config/kbclaw/config.yaml.

Supported Formats

TypeExtensions
Markdown.md, .mdx
Text.txt
PDF.pdf (OCR for scanned pages)
Word.docx
Code.ts, .js, .py, .go, .java
Images.png, .jpg, .gif, .webp, .bmp, .tiff (OCR)
Webhttp://, https://

Embedder Presets

AliasModelLanguageContextDims~RAMStrengths
nomicnomic-ai/nomic-embed-text-v1.5English8 192 tok768~600 MBLong docs, balanced, default
bgeBAAI/bge-m3100+ languages8 192 tok1024~2.3 GBMultilingual
mxbaimixedbread-ai/mxbai-embed-large-v1English512 tok1024~1.4 GBBest English MTEB
minilmsentence-transformers/all-MiniLM-L6-v2English256 tok384~90 MBMinimal RAM

Run /kb doctor to check which presets fit your available RAM.

Storage

Knowledge bases are stored as SQLite files following XDG conventions:

  • Default data dir: ~/.local/share/kbclaw/
  • Config file: ~/.config/kbclaw/config.yaml
  • Backwards compat: if ~/.openclaw/kbclaw/ exists it will be used automatically.

How It Works

  1. Extract — Pull text from documents (PDF, DOCX, HTML, code, images via OCR)
  2. Chunk — Split into semantic units (paragraphs, functions, classes)
  3. Embed — Generate vectors using a configurable local model (default: nomic-embed-text-v1.5, 768 dims)
  4. Store — SQLite with FTS5 for keyword search; embedder info written to DB metadata
  5. Search — Hybrid: 70% vector similarity + 30% BM25 keyword; embedder auto-detected from DB

All processing happens locally. No API keys required.

Comments

Loading comments...