Rag
ReviewAudited by ClawScan on May 10, 2026.
Overview
This looks like a legitimate local RAG search skill, but it broadly indexes private chats and workspace files into persistent memory and can reuse that context automatically.
Install only if you are comfortable with your OpenClaw chats, workspace files, and skill docs being indexed into a persistent local knowledge base and reused by the agent. Before use, define what paths should be indexed, avoid secrets, review or disable automatic updates, and be cautious with the optional Moltbook posting feature.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private chat history, code, configuration snippets, or misleading instructions from old content could be surfaced in later answers or influence the agent's behavior.
The artifact explicitly creates persistent retrieved context from broad local/private sources and reuses it automatically in future AI responses. That is central to RAG, but the scope and automatic reuse create material privacy and context-poisoning risk.
It indexes your entire knowledge base – chat transcripts, workspace code, skill documentation ... When the AI responds, it automatically ... Includes that context in the response ... This happens transparently
Index only directories you intend to reuse, avoid indexing secrets or sensitive chats, add exclusions, review retrieved context, and use the delete/reset tools to remove data you do not want retained.
A scheduled updater could continue adding new chats and workspace files to the local RAG store after initial setup.
The documentation describes a recurring background update mechanism that keeps indexing new or changed local data. It is disclosed, but users should confirm it is not running unexpectedly.
The RAG system includes an automatic update script that runs daily ... Runs via cron at 4:00 AM UTC daily ... State tracking: ~/.openclaw/workspace/memory/rag-auto-state.json
Check OpenClaw cron jobs, disable the updater if not wanted, and review the state and log files mentioned in the documentation.
If used, the skill can act through a Moltbook account and publish content using the configured key.
The optional Moltbook helper uses an API key and can post public/community content, while the registry metadata lists no required credentials. The behavior is documented and user-directed, so this is a notice rather than a standalone concern.
To use Moltbook posting, configure your API key: export MOLTBOOK_API_KEY="your-key-here" ... python3 scripts/moltbook_post.py "Title" "Content"
Only configure a Moltbook API key if you intend to use posting, keep the key scoped if possible, and review any content before publishing.
Installing or updating the dependency/model may bring in external code or artifacts that are outside the reviewed skill files.
The skill depends on an external Python package and an initial model download. This is expected for a local RAG system, but the dependency is not pinned in the visible install instructions.
python3 -m pip install --user chromadb ... Embeddings: all-MiniLM-L6-v2 (downloaded once, 79MB)
Install from trusted package indexes, consider pinning versions, and review dependency provenance if this is used in a sensitive environment.