ragflow-runbook

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a coherent RAGFlow operations runbook, with disclosed Docker deployment, API-key-based checks, alerting, and optional monitoring behaviors that users should review before use.

Before installing or using this skill, confirm the RAGFlow URL, keep API keys in environment variables or a secret manager, review upstream Docker files before starting containers, pin a trusted RAGFlow version for production, and only enable alerts or schedules intentionally.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If enabled, the skill can install and run RAGFlow containers based on upstream files, which may affect the local Docker environment.

Why it was flagged

The deploy helper fetches upstream RAGFlow Docker assets and can start containers. This is expected for a deployment runbook, and starting requires RAGFLOW_RUNBOOK_ALLOW_START=1, but it still depends on external upstream content.

Skill content

UPSTREAM_REPO_URL="https://github.com/infiniflow/ragflow.git" ... git clone "$UPSTREAM_REPO_URL" "$UPSTREAM_DIR" ... docker compose up -d

Recommendation

For production use, pin a trusted RAGFlow tag or commit, review docker-compose files and .env settings, and only set the start/download opt-in variables when ready.

What this means

A RAGFlow API key gives the helper permission to query authenticated system endpoints on the configured RAGFlow instance.

Why it was flagged

The status helper uses a RAGFlow API key as a Bearer token to call system status endpoints. This is purpose-aligned and the script does not print the key, but it is still delegated account access.

Skill content

api_key = get_env("RAGFLOW_API_KEY") ... "Authorization": f"Bearer {api_key}"

Recommendation

Use a least-privileged operations key where possible, provide it via environment variables or a secret manager, and confirm RAGFLOW_BASE_URL points to the intended trusted service.

What this means

Alert details may be delivered to an external chat target if the helper is used.

Why it was flagged

The alert helper sends user-provided alert text through OpenClaw messaging to Telegram. This matches the alerting purpose, but message contents leave the local runtime.

Skill content

"openclaw", "message", "send", "--channel", "telegram", "--account", account, "--target", target, "--message", message

Recommendation

Do not include secrets or sensitive logs in alert details, and verify the OpenClaw account and Telegram target before sending.

What this means

If the user installs a cron or launchd schedule, health checks or alerts may run repeatedly until removed.

Why it was flagged

The skill advertises optional scheduling templates for recurring monitoring. This is disclosed and aligned with monitoring, but scheduled jobs can continue running after setup.

Skill content

Copy/paste scheduling templates (cron + launchd)

Recommendation

Only add schedules you understand, document where they are installed, and remove or disable them when monitoring is no longer needed.