Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
RAGLite
v1.0.0Local-first RAG cache: distill docs into structured Markdown, then index/query with Chroma + hybrid search (vector + keyword).
⭐ 0· 1.4k·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's stated purpose (local-first RAG cache using Chroma + ripgrep) matches the files and scripts. However the runtime intentionally defaults to the external OpenClaw engine unless the user overrides it, which conflicts with a purely 'local-first' expectation; the SKILL.md does mention the default but the install/script behavior enforces it silently.
Instruction Scope
Runtime instructions and scripts create a venv and invoke 'raglite' from the installed package. The launcher script silently injects '--engine openclaw' when the user doesn't supply --engine, which can cause documents or queries to be sent to an OpenClaw gateway by default. SKILL.md references Chroma and ripgrep and instructs interacting with network endpoints (Chroma server, OpenClaw gateway) — these are within the tool's domain, but the automatic defaulting to an external engine is behavior users may not expect and could lead to unintended data transmission.
Install Mechanism
The install script uses pip to install directly from a personal GitHub repo via 'git+https://github.com/VirajSanghvi1/raglite.git@main'. This is a common pattern but higher risk than installing from a pinned release or well-known package index: it pulls code from an upstream main branch (not a fixed tag), so upstream changes could alter behavior after install. No other unusual downloads or obfuscated installers were found.
Credentials
The skill declares no required env vars, yet SKILL.md references OPENCLAW_GATEWAY_TOKEN (used if the gateway requires auth) and a Chroma URL. Because the launcher defaults to the OpenClaw engine, an external gateway and its token become relevant to normal runs even though they are not declared as required. That mismatch makes credential use/need non-obvious to users and increases the risk of accidental exposure of sensitive documents.
Persistence & Privilege
The skill is not always-enabled, does not request system-wide config paths or credentials, and does not modify other skills. It installs into a skill-local virtualenv, which is a contained install pattern.
Scan Findings in Context
[NO_PRESCAN_ISSUES] expected: Static pre-scan reported no injection signals; this is expected for an instruction-heavy skill with simple shell scripts. Absence of findings is not evidence of safety — dynamic network behavior and upstream package contents still matter.
What to consider before installing
Before installing: 1) Be aware the skill will, by default, use the OpenClaw engine unless you explicitly pass --engine; that may send data to an external gateway. If you want purely local operation, always pass an explicit local engine and/or verify raglite's defaults. 2) The installer pulls from a personal GitHub 'main' branch (un-pinned); review the upstream repo or pin a specific tag/commit to avoid unexpected updates. 3) If you must keep data local, ensure OPENCLAW_GATEWAY_TOKEN is not set and run with a local Chroma instance; install and run in an isolated environment (container or VM) first. 4) Consider inspecting the installed raglite package source after installation (or vendor it) to confirm there are no unexpected network endpoints. If you are not comfortable reviewing the upstream repo or exposing data to an external gateway, treat this skill as potentially risky.Like a lobster shell, security has layers — review code before you run it.
latestvk9716fzfz4snwysakwhh1bw9qn80jy0c
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🔎 Clawdis
OSmacOS · Linux
Binspython3, pip