← Back to Skills Marketplace
cryptobro-man

Shared Pinecone RAG

by cryptobro-man · GitHub ↗ · v1.0.1
cross-platform ⚠ suspicious
406
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install shared-pinecone-rag
Description
Use the shared Pinecone RAG index for any agent in this workspace. Use when an agent needs to ingest markdown/text docs into pulse-rag or query semantic cont...
Usage Guidance
This skill is plausible for sharing a Pinecone-based RAG, but there are several red flags to check before installing or invoking it: - The manifest does not declare PINECONE_API_KEY or any required env vars, but SKILL.md says the key must be set in rag-pinecone-starter/.env. Confirm where the key lives and whether it should be explicitly declared in the skill manifest. - The instructions and scripts use a hard-coded absolute path (/home/Mike/.openclaw/workspace/rag-pinecone-starter). Ensure the path is correct for your environment and not pointing to another user's home. Prefer a workspace-relative path. - The actual behavior is inside ingest.py and query.py, which are not included here. Do NOT run the scripts until you inspect those Python files to confirm they only contact Pinecone (or other expected endpoints), handle secrets safely, and do not exfiltrate data to unknown endpoints. - Treat the Pinecone API key as sensitive. If you proceed, limit the key's permissions where possible and rotate it if you later remove the skill. - Consider running the ingest process in an isolated environment (container or dedicated service account) and test with non-sensitive data first. If you can provide ingest.py and query.py (or modify the skill to declare the required env var and use workspace-relative paths), the assessment could be upgraded to benign if their code matches the stated purpose.
Capability Analysis
Type: OpenClaw Skill Name: shared-pinecone-rag Version: 1.0.1 The skill bundle is classified as benign. Its purpose is to provide a shared Pinecone RAG (Retrieval Augmented Generation) capability, which involves ingesting documents and querying an index. The `SKILL.md` provides clear, non-malicious instructions for the AI agent, without any prompt injection attempts. The shell scripts (`scripts/ingest-shared-rag.sh`, `scripts/query-shared-rag.sh`) are straightforward wrappers that execute local Python scripts (`ingest.py`, `query.py`) within a virtual environment. While the content of these Python scripts is not provided, the shell scripts themselves handle arguments safely and do not exhibit any malicious behaviors such as data exfiltration, unauthorized remote execution, persistence mechanisms, or obfuscation. The file and network access are consistent with the stated RAG functionality.
Capability Assessment
Purpose & Capability
The skill claims to provide a shared Pinecone RAG retrieval/ingest layer, which matches the included scripts that run ingest/query. However the SKILL.md requires a PINECONE_API_KEY and a Python venv stored inside a specific user path ('/home/Mike/.openclaw/workspace/rag-pinecone-starter') while the registry metadata lists no required credentials or env vars — that's an incoherence. The absolute path to a specific user's home (Mike) is surprising for a workspace-shared skill and reduces portability.
Instruction Scope
Runtime instructions tell agents to cd into /home/Mike/... and run scripts which activate a .venv and call python ingest.py / query.py. The scripts themselves are tiny wrappers, but the substantive behavior lives in ingest.py and query.py which are not included for review. Those Python programs will likely load the PINECONE_API_KEY from rag-pinecone-starter/.env and may transmit ingested documents to Pinecone — this is expected for a RAG skill but cannot be audited here. The SKILL.md also instructs placing files under that hard-coded docs path, meaning the skill will read host filesystem content in that directory.
Install Mechanism
No install spec — instruction-only with two small shell scripts. This is lower risk from an installation perspective because nothing is downloaded or extracted by the skill itself. However the skill depends on a pre-existing python venv and unseen python scripts.
Credentials
The manifest declares no required environment variables, yet SKILL.md explicitly says 'PINECONE_API_KEY must be set in rag-pinecone-starter/.env' and the scripts activate a .venv (expected). Requiring a secret API key but not declaring it in the skill metadata is an inconsistency. Storing the API key in a repo-local .env is a design choice but increases risk: the key allows write/read access to the shared Pinecone index and could be used to exfiltrate documents if the unseen Python code is malicious or misconfigured.
Persistence & Privilege
The skill is not marked always:true and does not request elevated persistent presence. Autonomous invocation is allowed (default). Because the skill has access to a network-capable pinecone API key (per SKILL.md) and reads local docs, autonomous invocation combined with an undisclosed credential increases blast radius — verify credentials and code before letting the agent call this skill without supervision.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install shared-pinecone-rag
  3. After installation, invoke the skill by name or use /shared-pinecone-rag
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Docs update: advertise combined usage with hybrid-db-health as Persistent Memory skill stack.
v1.0.0
Initial release: shared ingest/query scripts for pulse-rag.
Metadata
Slug shared-pinecone-rag
Version 1.0.1
License
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is Shared Pinecone RAG?

Use the shared Pinecone RAG index for any agent in this workspace. Use when an agent needs to ingest markdown/text docs into pulse-rag or query semantic cont... It is an AI Agent Skill for Claude Code / OpenClaw, with 406 downloads so far.

How do I install Shared Pinecone RAG?

Run "/install shared-pinecone-rag" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Shared Pinecone RAG free?

Yes, Shared Pinecone RAG is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Shared Pinecone RAG support?

Shared Pinecone RAG is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Shared Pinecone RAG?

It is built and maintained by cryptobro-man (@cryptobro-man); the current version is v1.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments