RAGLite - Local Expandable Library AI Library
Pass. Audited by VirusTotal on May 12, 2026.
Overview
Package: raglite (xpi)
Version: 1.0.6
Description: Local-first RAG cache: distill docs into structured Markdown, then index/query with Chroma + hybrid search (vector + keyword). The package installs its core functionality, the 'raglite' Python package, directly from the 'main' branch of an external GitHub repository (git+https://github.com/VirajSanghvi1/raglite.git@main) into a local virtual environment. This method of installation introduces a significant supply chain risk because the code executed is not version-pinned and can change at any time without explicit updates to the xpi package. A compromise of the external GitHub repository or malicious changes by its maintainer would directly affect users of this extension. The core logic of the 'raglite' Python package itself is not included in the provided source code for analysis, preventing a full security assessment of its functionality. The shell scripts otherwise perform standard virtual environment setup and command execution.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A later change to that repository could change what code runs on the user's documents and gateway token without the skill artifact itself changing.
The installed runtime comes from a mutable GitHub main branch rather than a pinned release or reviewed source included in the skill package.
python -m pip install --upgrade "git+https://github.com/VirajSanghvi1/raglite.git@main"
Pin the dependency to a specific tag or commit, include a lockfile or hash, and review the upstream repository before installing.

Sensitive material may be copied into Markdown outputs, .raglite metadata, and Chroma collections, where it can be retrieved later or over-trusted by the agent.
The skill is designed to store and reuse sensitive local content as persistent RAG context, including summaries and indexes.
a durable place to store and retrieve information ... local/private knowledge (school work, personal notes, medical records, internal runbooks)
Index only narrowly selected folders, avoid secrets or highly sensitive records unless storage is protected, and document deletion, exclusion, and retention procedures.

Document content selected for condensation may be processed by the configured gateway, which may not be the same as purely local indexing.
The default condensation engine uses an OpenClaw gateway, creating a data boundary that users should understand before processing private documents.
This skill defaults to OpenClaw ... For OpenClaw engine: OpenClaw Gateway `/v1/responses` reachable
Verify the gateway endpoint and trust boundary, and pass an explicit local or trusted `--engine` when processing sensitive material.

The token could grant access to the user's OpenClaw gateway for document condensation requests.
The skill may use a gateway credential for its expected OpenClaw integration, though the artifact does not show hardcoding or leakage.
`OPENCLAW_GATEWAY_TOKEN` set if your gateway requires auth
Use the least-privileged gateway token available and avoid exposing it in logs, shell history, or shared environments.
