RAGFlow
Pass
Audited by ClawScan on May 1, 2026.
Overview
This skill is a disclosed RAGFlow management helper that uses an API key to upload, retrieve, update, parse, and delete RAGFlow dataset content, with delete-confirmation guidance included.
Install this only if you want the agent to manage RAGFlow datasets and documents with your API key. Use a scoped credential if possible, verify the RAGFLOW_API_URL, be careful when uploading sensitive files, and require the agent to show exact dataset or document IDs before you approve any deletion.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used incorrectly, the agent could change or delete RAGFlow datasets or documents.
The skill intentionally exposes data-changing RAGFlow operations, including deletes and parsing control. This is aligned with the stated purpose, but users should notice the mutation authority.
create, list, inspect, update, or delete datasets; upload, list, update, or delete documents; start or stop parsing
Use least-privilege RAGFlow API credentials where possible and review dataset/document IDs before approving changes, especially deletes.
Deletes are intended to require explicit confirmation, reducing accidental removal of datasets or documents.
The artifacts include a clear safety instruction for destructive actions. The risk remains worth noting because deletion authority is present, even though the workflow asks for confirmation.
For any delete action, list the exact items first and require explicit user confirmation before executing.
Only confirm delete actions after checking the exact dataset or document IDs shown by the agent.
Anyone using this skill with your API key can perform the RAGFlow operations allowed by that key.
The skill requires a RAGFlow API key and uses it as the primary credential. This is expected for RAGFlow API access, but it grants delegated account authority.
requires:\n env:\n - RAGFLOW_API_URL\n - RAGFLOW_API_KEY\n primaryEnv: RAGFLOW_API_KEY
Provide a scoped API key if RAGFlow supports it, rotate keys if exposed, and avoid using credentials with broader access than needed.
A non-default invocation could query a different RAGFlow endpoint with the same bearer token.
The model-listing script allows an alternate authenticated endpoint path under the configured RAGFlow base URL. This appears intended for API compatibility, but it slightly broadens how the API key can be used.
parser.add_argument("--api-path", default=DEFAULT_API_PATH, help=f"Endpoint path (default: {DEFAULT_API_PATH})")
Use the default model-listing endpoint unless you intentionally need a different RAGFlow API path.
Search results may expose sensitive document excerpts from datasets the API key can access.
The skill retrieves RAGFlow dataset chunks and relays returned fields. Retrieved content may contain private information or untrusted document text, which is inherent to RAG/Retrieval workflows.
retrieve chunks from one or more datasets
Use this skill only with datasets you are comfortable querying through the agent, and treat retrieved document text as source material rather than trusted instructions.
You have less external provenance information to verify the publisher or upstream project.
The registry metadata does not provide an upstream source or homepage. The supplied scripts are bundled and no install step is required, so this is a provenance note rather than a behavioral concern.
Source: unknown; Homepage: none
Review the bundled artifacts and install only if you trust the registry publisher and the provided code.
