RAGLite

Result: Pass. Audited by ClawScan on May 10, 2026.

Overview

RAGLite’s artifacts match its local RAG purpose, but users should know it stores indexed copies of selected private documents and installs an unpinned Python package.

Install only if you trust the raglite-chromadb package source. Use narrow document paths, avoid indexing secrets unless needed, confirm where your OpenClaw/model engine and Chroma endpoint run, and remember that distilled Markdown and vector indexes can retain private content until you delete them.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A future or compromised package release could change what code runs when the skill is installed or upgraded.

Why it was flagged

The installer downloads and runs an external PyPI package without a pinned version or hash. This is purpose-aligned for installing the CLI, but the package contents are not included in the reviewed artifacts.

Skill content
python -m pip install --upgrade raglite-chromadb
Recommendation

Install from a trusted package source, consider pinning a known-good version, and review the upstream package/repository before using it on sensitive documents.

What this means

A document path or option containing spaces or wildcards could be interpreted differently than intended, potentially indexing the wrong files.

Why it was flagged

The plugin invokes a shell and forwards arguments through an unquoted $@. This does not by itself show command injection, but it can cause shell word-splitting or glob expansion if arguments contain spaces or wildcard characters.

Skill content
"command": ["bash", "-lc", "${SKILL_DIR}/scripts/raglite.sh $@"]
Recommendation

Prefer direct script execution or update the plugin wrapper to quote arguments safely, such as using "$@" with a shell-safe invocation pattern.

What this means

Private content may remain in the output directory and Chroma collection and may be retrieved into future prompts or workflows.

Why it was flagged

The skill explicitly stores distilled Markdown and indexes local/private documents for later retrieval. This is the stated purpose, but it creates persistent reusable context from sensitive files.

Skill content
durable place to store and retrieve information ... especially useful for local/private knowledge (school work, personal notes, medical records, internal runbooks)
Recommendation

Index only intended directories, avoid secrets unless necessary, keep separate collections for sensitive data, review the distilled Markdown, and delete the output/index when no longer needed.