Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Rag Retriever
v0.1.1RAG 2.0 检索系统,支持中文分词,混合向量与关键词搜索,智能文档分块与加权重排,自动生成 RAG 格式输出。
⭐ 0· 39·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The libraries and files (LanceDB, jieba, HuggingFace transformers, BM25 implementation) are appropriate for a RAG retriever and align with the description. The included local model/tokenizer artifacts also make sense for local embedding support. No obvious unrelated dependencies are present.
Instruction Scope
SKILL.md instructs npm install and running the CLI and JS APIs and documents using external embedding providers, but it does not mention that the code will call the OpenAI Embeddings API. The runtime instructions do not declare or warn about network requests or the need to supply an OpenAI API key, which the code will use if present.
Install Mechanism
There is no formal install spec in the registry entry, but SKILL.md/README instruct users to run 'npm install'. package.json and package-lock.json will pull many native and heavy dependencies (transformers, onnxruntime, sharp, etc.), which is expected for local transformer support but can be large and may require native build/runtime dependencies. This is expected for the skill's purpose but worth knowing.
Credentials
Registry metadata declares no required environment variables, but src/embeddings.js reads process.env.OPENAI_API_KEY and will POST user text to https://api.openai.com/v1/embeddings if used. That means sensitive data (documents or queries) can be sent to an external API if a key is provided — this external credential access is not declared in the skill metadata.
Persistence & Privilege
The skill does write local caches and model/tokenizer artifacts under ./data/ (embedding cache, lancedb, model-cache). It does not request permanent 'always: true' privileges and does not attempt to modify other skills or global agent settings. Local file writes are expected for this functionality.
What to consider before installing
This skill appears to implement a legitimate RAG retriever, but exercise caution because: (1) the code will call the OpenAI Embeddings API if an OPENAI_API_KEY is available — that is not declared in the registry metadata or SKILL.md; providing a key will cause your texts to be sent to OpenAI. (2) npm install pulls heavy native deps (transformers, onnxruntime, sharp), so review resource/compatibility and run in a sandbox if possible. Before installing, either: (A) review src/embeddings.js and other source files to confirm what data is sent externally, (B) avoid setting OPENAI_API_KEY to force use of the local SimpleEmbedding fallback, or (C) run the skill in an isolated environment and inspect network traffic. If you plan to provide an API key, make sure you understand what documents/queries will be transmitted and consider data-sanitization or policy constraints. If you want to be extra safe, run tests locally and audit the code paths that call external APIs and write to ./data/.src/embeddings.js:16
Environment variable access combined with network send.
src/embeddings.js:4
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.Like a lobster shell, security has layers — review code before you run it.
latestvk97djdx52w7ghwszqrnz0ee4p583y4ws
License
MIT-0
Free to use, modify, and redistribute. No attribution required.