← Back to Skills Marketplace

Raon OS

Name: Raon OS
Author: lifeissea

by Tomas · GitHub ↗ · v0.7.28 · MIT-0

cross-platform ⚠ suspicious

822

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install raon-os

Description

AI-powered startup companion for Korean founders. Evaluate business plans, match government funding programs (TIPS/DeepTech/Global TIPS), connect with 3,972+...

Usage Guidance

This skill appears to do what it says (business-plan evaluation, government program crawlers, RAG, local REST API). Before installing or running it, consider: 1) Secrets: it recommends storing LLM API keys in ~/.openclaw/.env — ensure that file is protected (chmod 600) or keep keys in a secure vault; 2) Local server exposure: by default it runs an HTTP server (port 8400) and includes instructions for ngrok and installing a service — do not expose the server to the public without reviewing server.py, admin endpoints, and adding proper firewall/reverse-proxy protections; 3) Persistence: the skill writes data under eval_data/ and history files and may append to JSONL files; if you are concerned about sensitive PDFs or PII, run it in an isolated environment or container and inspect parse/evaluate scripts first; 4) Review install-service.sh and any systemd/service scripts before using them; 5) Allowed-domain fetch: the crawlers fetch public government sites and the code documents an allowlist for realtime fetches — if you plan to expose the server to third parties, verify the is_allowed_url() logic in server/rag_pipeline to ensure arbitrary outbound fetches are blocked; 6) Test code note: the repo includes test fixtures (conftest.py) that mock authentication for tests — this is normal for tests but ensure you are not running the test harness in production mode. If any of these behaviors are unacceptable, run the skill in a sandbox or review/modify the code before use.

Capability Analysis

Type: OpenClaw Skill Name: raon-os Version: 0.7.28 The raon-os skill is a comprehensive startup assistant designed to evaluate business plans, match government funding, and provide valuation estimates. It implements a RAG (Retrieval-Augmented Generation) pipeline using various LLM providers (Gemini, OpenAI, OpenRouter) and includes a local HTTP API server (server.py) to power a web widget. Security-conscious features are present, such as SSRF protection via domain whitelisting, input sanitization to mitigate prompt injection, and restricting administrative API endpoints to localhost. The network activities, including crawling government sites and communicating with LLM APIs, are transparently documented and aligned with the skill's stated purpose.

Capability Assessment

✓ Purpose & Capability

Name/description (startup companion, biz-plan evaluation, gov-funding matching, Kakao integration, RAG pipeline, crawlers) align with included files (evaluation scripts, crawlers, rag_pipeline, server, kakao webhook helpers, widget). Required bins (python3, node) are appropriate: python drives core logic and node provides a thin CLI wrapper. No bizarre or unrelated credentials/binaries are requested.

ℹ Instruction Scope

SKILL.md instructs running local server (default port 8400), CLI scripts (raon.sh), and crawlers that fetch public government sites; it also specifies storing LLM API keys in ~/.openclaw/.env and running evaluate scripts on PDF content. These instructions stay within the declared purpose, but they do instruct the agent to read/write local files (eval_data/, ~/.openclaw/.env, history.jsonl) and to make outbound HTTP requests to public sites. The skill also suggests using install-service.sh and exposing endpoints via ngrok — actions that increase network exposure and should be reviewed by the user before execution.

✓ Install Mechanism

No external download/install step in registry metadata (instruction-only install). The package includes source files bundled with the skill; there is no installer that fetches remote archives. That is lower risk than remote downloads. The bundle does include a script that can install a system service (install-service.sh mentioned in README) — review that script before running.

ℹ Credentials

SKILL.md documents optional LLM API keys (GEMINI/OPENROUTER/ANTHROPIC/OPENAI) and optional SaaS/Supabase variables for managed mode or feedback storage. Those environment variables are coherent with the described LLM and persistence features. The skill does recommend storing API keys in ~/.openclaw/.env (chmod 600 suggested) — this is expected but worth noting because secrets are persisted to disk. No unrelated credentials (AWS, SSH, etc.) are requested by default.

ℹ Persistence & Privilege

The skill does not request always:true and uses default autonomous invocation behavior. It will run a local HTTP server, create and append to local data files (eval_data/*.jsonl, history.jsonl, ~/.openclaw/.env), and the README mentions installing a system service. These behaviors are consistent with a local agent/toolset but do mean the skill will persist data and open network endpoints if you run the server or the install-service script — review those steps and firewall settings before exposing anything publicly. The SKILL.md includes sensible cautions (admin API restricted to localhost, advice to block /api/keys/* via nginx/firewall).

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install raon-os
After installation, invoke the skill by name or use /raon-os
Provide required inputs per the skill's parameter spec and get structured output

Version History

v0.7.28

Auto-sync 2026-03-28

v0.7.27

test

v0.7.26

Fix: include raon.sh CLI wrapper, add security/data-flow docs, address review findings

v0.7.25

Security: sanitize all placeholder keys in SKILL.md

v0.7.24

Security: exclude test files, supabase_client, agentic_rag from package

v0.7.23

security: bandit Medium=0 High=0 (# nosec suppression + kakao_webhook.py try-block fix)

v0.7.22

이름 수정: SKILL.md name 필드 슬러그별 고유명으로 변경

v0.7.21

보안패치 v0.7.21: SSRF 도메인 화이트리스트(RAON_API_URL/SUPABASE_URL), 프롬프트 인젝션 방어 추가

v0.7.20

보안패치: localhost auth bypass 제거, 카카오 웹훅 서명 미설정 시 거부 (VirusTotal 지적 해결)

v0.7.19

이름 수정: 슬러그별 고유 이름 부여

v0.7.18

보안패치: 위험 스크립트(launchctl/subprocess) 완전 제거, 클린 25파일

v0.7.17

보안패치: subprocess/launchctl 스크립트 배포 제외

v0.7.16

보안 패치: launchctl 스크립트 배포 제외

v0.7.15

fix: eval_data excluded from npm package, size 143KB (was 2MB+)

v0.7.14

Re-scan: VirusTotal cache refresh (code identical to startup-agent v0.7.13)

v0.7.13

semver 통일 (0.7.x), 보안패치, 피드백 파이프라인

v0.7.12

Version 0.7.12 - No file changes detected; this release is functionally identical to version 0.7.10. - Documentation and metadata remain unchanged from previous release.

v2026.2.23

security: launchctl 분리(install-service.sh), URL SSRF 화이트리스트, admin API localhost 제한

v0.7.10

Remove all hardcoded paths, add chmod 600 guidance, security improvements

v0.7.9

Fix: declared node+python3 requires, expanded security notes, chmod 600 guidance

Metadata

Slug raon-os

Version 0.7.28

License MIT-0

All-time Installs 2

Active Installs 2

Total Versions 23

Frequently Asked Questions

What is Raon OS?

AI-powered startup companion for Korean founders. Evaluate business plans, match government funding programs (TIPS/DeepTech/Global TIPS), connect with 3,972+... It is an AI Agent Skill for Claude Code / OpenClaw, with 822 downloads so far.

How do I install Raon OS?

Run "/install raon-os" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Raon OS free?

Yes, Raon OS is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Raon OS support?

Raon OS is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Raon OS?

It is built and maintained by Tomas (@lifeissea); the current version is v0.7.28.

More Skills