RAGLite - Local Expandable Library AI Library
Review
Audited by ClawScan on May 10, 2026.
Overview
RAGLite has a coherent local-RAG purpose, but it warrants review because it installs mutable external code and can persist sensitive private documents in a durable index while using an OpenClaw gateway by default.
Install only if you are comfortable with the upstream GitHub package, preferably pinned to a reviewed commit. Use a dedicated output folder and Chroma collection, avoid indexing secrets or highly sensitive records unless storage is protected, explicitly choose a trusted engine, and know how to delete the generated Markdown, .raglite cache, and Chroma collection.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A later change to that repository could change what code runs on the user's documents and gateway token without the skill artifact itself changing.
The installed runtime comes from a mutable GitHub main branch rather than a pinned release or reviewed source included in the skill package.
`python -m pip install --upgrade "git+https://github.com/VirajSanghvi1/raglite.git@main"`
Pin the dependency to a specific tag or commit, include a lockfile or hash, and review the upstream repository before installing.

Sensitive material may be copied into Markdown outputs, .raglite metadata, and Chroma collections, where it can be retrieved later or over-trusted by the agent.
The skill is designed to store and reuse sensitive local content as persistent RAG context, including summaries and indexes.
a durable place to store and retrieve information ... local/private knowledge (school work, personal notes, medical records, internal runbooks)
Index only narrowly selected folders, avoid secrets or highly sensitive records unless storage is protected, and document deletion, exclusion, and retention procedures.

Document content selected for condensation may be processed by the configured gateway, which may not be the same as purely local indexing.
The default condensation engine uses an OpenClaw gateway, creating a data boundary that users should understand before processing private documents.
This skill defaults to OpenClaw ... For OpenClaw engine: OpenClaw Gateway `/v1/responses` reachable
Verify the gateway endpoint and trust boundary, and pass an explicit local or trusted `--engine` when processing sensitive material.

The token could grant access to the user's OpenClaw gateway for document condensation requests.
The skill may use a gateway credential for its expected OpenClaw integration, though the artifact does not show hardcoding or leakage.
`OPENCLAW_GATEWAY_TOKEN` set if your gateway requires auth
Use the least-privileged gateway token available and avoid exposing it in logs, shell history, or shared environments.
