v1.0.8

RAGLite

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:22 AM.

Analysis

RAGLite appears purpose-aligned, but it deserves review because it can turn sensitive local documents into a persistent searchable cache and installs an unpinned Python package.

GuidanceInstall only if you are comfortable with a local RAG tool creating durable searchable artifacts from selected documents. Before using it on medical, personal, school, or internal business records, decide exactly which folders are allowed, where outputs and Chroma data live, what model engine processes the text, and how you will delete or rotate the cache.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack

SeverityLowConfidenceHighStatusNote

SKILL.md

If you distill content from third parties ... assume it may contain prompt injection attempts.

The skill ingests untrusted document text into a model-based distillation workflow. The artifact acknowledges this risk and says the prompts treat source text as data only, which is a useful mitigation but still something users should notice.

User impactMalicious or misleading source documents could try to influence summaries or retrieved context if the agent over-trusts document contents.

RecommendationTreat retrieved passages and distilled notes as untrusted evidence, not instructions, and avoid letting retrieved text directly trigger tools or account actions.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceHighStatusNote

scripts/install.sh

python -m pip install --upgrade raglite-chromadb

The installer fetches and upgrades an unpinned PyPI package at install time, with an optional custom index URL. This is purpose-aligned for a Python CLI skill, but the installed package code is not pinned by the artifact.

User impactA future package update or index change could alter the code that runs locally and processes documents.

RecommendationPrefer a pinned package version and trusted index, review the upstream package/repository, and reinstall only when you intentionally want an update.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityMediumConfidenceHighStatusConcern

SKILL.md

durable place to store and retrieve information ... local/private knowledge (school work, personal notes, medical records, internal runbooks)

The skill is intended to persist distilled documents and retrieval indexes for sensitive local/private material. The artifacts do not clearly bound allowed paths, exclusions, retention, deletion, or when an agent may index those documents.

User impactPrivate documents could be copied into long-lived Markdown/vector caches and reused in later queries, increasing exposure if the wrong folder, output location, model engine, or Chroma endpoint is used.

RecommendationOnly index explicitly selected folders, exclude secrets and unnecessary personal data, keep Chroma local/private, review generated Markdown, and add clear retention/deletion practices before using it on sensitive records.