← Back to Skills Marketplace
506
Downloads
0
Stars
1
Active Installs
3
Versions
Install in OpenClaw
/install ragtop-planner
Description
面向外部 OpenClaw 的达人推广方案制定 Skill。基于 RAGTOP 三个工具接口(list_kb/list_doc/retrieval)执行四阶段工作流:规则提炼、案例总结、达人筛选、方案生成。
Usage Guidance
This skill appears coherent and implements what it claims: it will call a RAGTOP service using the provided RAGTOP_API_TOKEN and optional RAGTOP_API_URL, retrieve documents, and synthesize a plan. Before installing, confirm these points: (1) Verify you intend the agent to contact the RAGTOP host—SKILL.md defaults to an internal IP (http://10.71.10.71:9380); change RAGTOP_API_URL if that is not your service. (2) Provide a token with the least privilege needed and confirm the token's tenant/scope; the token gives access to knowledge bases and document contents. (3) Understand that retrieved documents and user queries will be sent to the RAGTOP service—do not use a token that grants access to sensitive data you don't want exposed. (4) Ensure your agent environment can make outbound HTTP calls (the docs use curl) and that network routing to the default host is expected. (5) The skill uses LLM prompts to avoid hallucinations and require traceability, but you should still review generated plans and citations before acting. If you are concerned about autonomous invocation, restrict or audit when the skill can be used or require explicit user invocation.
Capability Analysis
Type: OpenClaw Skill
Name: ragtop-planner
Version: 1.0.2
The skill is classified as suspicious primarily due to the default `RAGTOP_API_URL` being hardcoded to a private IP address (`http://10.71.10.71:9380`) in `SKILL.md` and `references/workflow.md`. While the skill's stated purpose is to interact with an internal RAGTOP service, this default configuration presents a potential Server-Side Request Forgery (SSRF) vulnerability. If the agent's execution environment allows access to other internal services, and the URL could be manipulated (e.g., via environment variable override or prompt injection if the agent were to dynamically construct the URL based on user input), it could be exploited. No other malicious indicators such as data exfiltration, persistence, or malicious prompt injection attempts were found; the prompts are well-constrained and aim for accurate, controlled LLM behavior.
Capability Assessment
Purpose & Capability
Name/description state the skill will use RAGTOP's list_kb/list_doc/retrieval APIs; the only required credential is RAGTOP_API_TOKEN (primary) and an optional RAGTOP_API_URL. Required items align with the stated function—no unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md gives detailed runtime instructions to call RAGTOP endpoints, run multi-step retrieval and LLM summarization, and return traceable citations. This stays within the planning purpose. Two practical notes: (1) the docs assume the agent can perform HTTP calls (curl examples) though no curl binary is declared; (2) the default RAGTOP_API_URL points to a private IP (http://10.71.10.71:9380), so network traffic will go to that internal host unless the user overrides it—users should confirm that host is expected and trusted.
Install Mechanism
Instruction-only skill with no install spec and no code files—nothing is downloaded or written to disk by the skill bundle itself, which is the lowest-risk install model.
Credentials
Only RAGTOP_API_TOKEN is required (primary). An optional RAGTOP_API_URL is documented. The requested environment access is proportional to a skill that must call an external RAGTOP service. No additional secret/env requests appear.
Persistence & Privilege
The skill is not forced-always, does not request persistent/privileged presence, and does not instruct modifying other skills or system-wide settings. Autonomous model invocation remains enabled (platform default) but is not a new privilege requested by the skill.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install ragtop-planner - After installation, invoke the skill by name or use
/ragtop-planner - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
Update with FH Workflow details
v1.0.1
Initial release
v1.0.0
Initial release
Metadata
Frequently Asked Questions
What is ragtop-planner?
面向外部 OpenClaw 的达人推广方案制定 Skill。基于 RAGTOP 三个工具接口(list_kb/list_doc/retrieval)执行四阶段工作流:规则提炼、案例总结、达人筛选、方案生成。 It is an AI Agent Skill for Claude Code / OpenClaw, with 506 downloads so far.
How do I install ragtop-planner?
Run "/install ragtop-planner" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is ragtop-planner free?
Yes, ragtop-planner is completely free (open-source). You can download, install and use it at no cost.
Which platforms does ragtop-planner support?
ragtop-planner is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created ragtop-planner?
It is built and maintained by Pt Hanabi (@qbs784); the current version is v1.0.2.
More Skills