anythingllm-rag
Query local documents via AnythingLLM RAG (Retrieval-Augmented Generation). Use when the user asks about their private/local documents, PDFs, uploaded files,...
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 1 · 39 · 0 current installs · 0 all-time installs
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The skill's name/description (RAG over local documents) matches the provided commands (query, upload, list). However, the script embeds a default API key and workspace ID rather than requiring the operator to provide credentials via environment variables as the SKILL.md implies. Shipping a default credential in code is disproportionate and unexpected for this purpose.
Instruction Scope
SKILL.md directs the agent to run scripts that can upload arbitrary files (upload <file>) and raw text to a remote API. Uploading local files is consistent with the stated purpose, but the instructions allow sending any filesystem path (including sensitive files) with no additional safeguards, prompting a high risk of accidental exfiltration.
Install Mechanism
No install spec — instruction-only with a bundled script. That reduces risk from arbitrary installers or remote downloads. The primary risk comes from executing the included script, not from an installation mechanism.
Credentials
SKILL.md documents environment variables ANYTHINGLLM_URL, ANYTHINGLLM_API_KEY, and ANYTHINGLLM_WORKSPACE, but the registry lists none. The script sets defaults and includes a hard-coded API key (ANYTHINGLLM_API_KEY default = 'JYF2P4K-SQ6MKA3-NGW734W-6CVY672') and a default workspace ID — storing credentials in source is disproportionate and unexpected, and may point to misuse or a shared/third-party backend.
Persistence & Privilege
The skill does not request always:true and has no special system privileges. However, because skills can be invoked autonomously by the agent, an enabled skill that can read local paths and upload files increases the blast radius — especially combined with the embedded API key and upload endpoints. That combination warrants caution.
Scan Findings in Context
[hardcoded-api-key] unexpected: The script defines ANYTHINGLLM_API_KEY with a literal token value. A RAG client should require the operator to supply their own API key via environment/config rather than include one in source.
[file-upload-via-curl] expected: The upload command uses curl -F to POST an arbitrary file to /api/v1/document/upload. This is expected for an upload feature, but it also makes it trivial to exfiltrate arbitrary local files if misused or invoked without explicit user confirmation.
What to consider before installing
This skill does what it says (query/upload local documents), but it ships with a hard-coded API key and will send any specified local file to the configured server. Before installing or using it:
1) Do not use the embedded API key; supply your own via environment variables or remove the default from the script.
2) Confirm ANYTHINGLLM_URL points to a server you control (localhost or a trusted host).
3) Restrict the agent so uploads require explicit user approval (avoid autonomous invocation for file uploads).
4) Review and test the upload command in a sandbox with non-sensitive files first.
5) If you already used the embedded key, assume it may be compromised and rotate/disable it on the server.
If you want lower risk, prefer a version that requires explicit per-file confirmation or that exposes only read/query operations (no arbitrary file upload).
Like a lobster shell, security has layers — review code before you run it.
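The pre-install checks above (operator-supplied key, trusted server, bounded uploads) can be enforced in a small wrapper. This is an added example, not code from the skill or the scanner; ANYTHINGLLM_TRUSTED_HOSTS, ANYTHINGLLM_UPLOAD_ROOT and the function names are hypothetical, and it assumes scripts/anythingllm.sh honours the documented environment variables when they are set.

```shell
#!/bin/sh
# Added example: pre-flight checks for `scripts/anythingllm.sh upload`.
# ANYTHINGLLM_TRUSTED_HOSTS and ANYTHINGLLM_UPLOAD_ROOT are hypothetical
# variables introduced here; the skill itself does not define them.

# Succeed only if the operator supplied a key and the URL host is trusted.
check_config() {
    [ -n "${ANYTHINGLLM_API_KEY:-}" ] || { echo "ANYTHINGLLM_API_KEY is not set" >&2; return 1; }
    url=${ANYTHINGLLM_URL:-http://localhost:3001}
    case $url in
        http://*|https://*) ;;
        *) echo "unsupported URL: $url" >&2; return 1 ;;
    esac
    auth=${url#*://}           # drop the scheme
    auth=${auth%%[/?#]*}       # keep only the authority (host[:port])
    # Fail closed on userinfo ("@"), backslashes, brackets and whitespace.
    case $auth in
        ''|*[!A-Za-z0-9.:-]*) echo "unsupported host: $auth" >&2; return 1 ;;
    esac
    host=${auth%%:*}
    for trusted in ${ANYTHINGLLM_TRUSTED_HOSTS:-localhost 127.0.0.1}; do
        [ "$host" = "$trusted" ] && return 0
    done
    echo "untrusted host: $host" >&2
    return 1
}

# Print the resolved path if $1 is a regular, non-symlink file under the root.
safe_upload_path() {
    [ -n "${ANYTHINGLLM_UPLOAD_ROOT:-}" ] || { echo "ANYTHINGLLM_UPLOAD_ROOT is not set" >&2; return 1; }
    if [ -L "$1" ] || [ ! -f "$1" ]; then echo "not a regular file: $1" >&2; return 1; fi
    root=$(cd -P -- "$ANYTHINGLLM_UPLOAD_ROOT" && pwd -P) || return 1
    dir=$(cd -P -- "$(dirname -- "$1")" && pwd -P) || return 1
    case $dir/ in
        "$root"/*) printf '%s/%s\n' "$dir" "$(basename -- "$1")" ;;
        *) echo "outside upload root: $1" >&2; return 1 ;;
    esac
}

# Hand the file to the skill's script only after both checks pass.
guarded_upload() {
    check_config || return 1
    file=$(safe_upload_path "$1") || return 1
    bash scripts/anythingllm.sh upload "$file"
}
```

Pointing the agent at guarded_upload instead of the raw upload command narrows what an autonomous invocation can send; it does not replace per-file user approval.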
Current version: v1.0.0
SKILL.md
AnythingLLM RAG Skill
Query local/private documents through AnythingLLM's RAG API.
Configuration
Environment variables (set in TOOLS.md or shell):
- ANYTHINGLLM_URL: default http://localhost:3001
- ANYTHINGLLM_API_KEY: API token
- ANYTHINGLLM_WORKSPACE: default workspace slug
Script location: scripts/anythingllm.sh
When to Use
Use AnythingLLM RAG when:
- User asks about their local/private documents
- User wants to search uploaded PDFs, DOCX, TXT files
- User asks "what does X document say about Y"
- User wants to upload documents to the knowledge base
Use default model when:
- General knowledge questions
- Questions not related to local documents
- Coding, writing, analysis without document context
Commands
Query documents (RAG)
bash scripts/anythingllm.sh query "你的问题"
Upload a file
bash scripts/anythingllm.sh upload /path/to/file.pdf
Upload raw text
bash scripts/anythingllm.sh upload-text "文本内容" "文档标题"
List documents
bash scripts/anythingllm.sh list-docs
Check API health
bash scripts/anythingllm.sh health
Response Format
Query returns JSON with:
- textResponse: the RAG-generated answer
- sources: array of source documents used for context
Present the answer to the user, citing relevant sources when available.
Notes
- Scripts are in the skill's scripts/ directory; use paths relative to skill location
- API key and workspace are pre-configured
- For PDF/DOCX queries, documents must be uploaded first
