← Back to Skills Marketplace
angusthefuzz

Ragflow API Client

by angusthefuzz · GitHub ↗ · v1.0.2
cross-platform ⚠ suspicious
1108
Downloads
6
Stars
2
Active Installs
3
Versions
Install in OpenClaw
/install ragflow
Description
Universal client for Ragflow API enabling dataset management, document upload, and running chat queries against self-hosted RAG knowledge bases.
Usage Guidance
This skill appears to be what it claims: a Node-based Ragflow API client. The primary risk is operational: the tool will upload files and send them to whatever RAGFLOW_URL you provide using the RAGFLOW_API_KEY. Only install/use it if you trust the Ragflow instance and you provide a least-privilege API key. Also note the registry metadata lists no required env vars while SKILL.md and the code require RAGFLOW_URL and RAGFLOW_API_KEY — verify that metadata mismatch before automating credential injection. Finally, avoid running the CLI in contexts where untrusted users could supply arbitrary file paths to upload sensitive data.
Capability Analysis
Type: OpenClaw Skill Name: ragflow Version: 1.0.2 The skill is designed to interact with a RAGflow API, including uploading documents. Its `uploadDocument` function in `lib/api.js` and the `upload` command in `scripts/ragflow.js` allow reading and uploading arbitrary local files specified by a `filePath` argument (e.g., `--file /etc/passwd`). While this functionality is inherent to a document upload feature, the lack of input sanitization or restrictions on the `filePath` creates a significant vulnerability. If an AI agent is susceptible to prompt injection, it could be instructed to upload sensitive local files (e.g., `~/.ssh/id_rsa`, `/etc/passwd`) to the configured `RAGFLOW_URL`, leading to local file exfiltration. This is a critical vulnerability that allows attacks, rather than code explicitly designed with malicious intent.
Capability Assessment
Purpose & Capability
Name/description (Ragflow API client) match the included CLI and library. Required binary is node, which is appropriate. The functions and REST endpoints in code align with dataset management, uploads, parsing, and retrieval described in the SKILL.md.
Instruction Scope
SKILL.md instructs the agent to use RAGFLOW_URL and RAGFLOW_API_KEY and run the provided node scripts. The code only reads the declared env vars, reads local files only when given an explicit path, and sends requests to the configured RAGFLOW_URL. There are no instructions to read unrelated system files or exfiltrate data to other endpoints.
Install Mechanism
No install spec is provided (instruction-only), and the included code is plain JS. No external downloads or archive extraction are performed by an installer. This is low-risk from an install perspective.
Credentials
The SKILL.md and code require RAGFLOW_URL and RAGFLOW_API_KEY (appropriate and proportionate). However, the registry summary at the top of the report listed 'Required env vars: none' which contradicts the SKILL.md and code; this is a metadata inconsistency that should be resolved before trusting automated deployment/permission tooling.
Persistence & Privilege
always is false and the skill does not request persistent system-wide changes or modify other skills. Autonomous invocation is allowed (platform default) but is not combined with any other elevated privileges here.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install ragflow
  3. After installation, invoke the skill by name or use /ragflow
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
Fixed metadata: env vars now properly declared at top level with security note
v1.0.1
Security fix: removed automatic .env loading (scope creep). Env vars must be set explicitly.
v1.0.0
Initial release
Metadata
Slug ragflow
Version 1.0.2
License
All-time Installs 2
Active Installs 2
Total Versions 3
Frequently Asked Questions

What is Ragflow API Client?

Universal client for Ragflow API enabling dataset management, document upload, and running chat queries against self-hosted RAG knowledge bases. It is an AI Agent Skill for Claude Code / OpenClaw, with 1108 downloads so far.

How do I install Ragflow API Client?

Run "/install ragflow" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Ragflow API Client free?

Yes, Ragflow API Client is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Ragflow API Client support?

Ragflow API Client is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Ragflow API Client?

It is built and maintained by angusthefuzz (@angusthefuzz); the current version is v1.0.2.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments