← Back to Skills Marketplace
Qdrant Advanced
by
yoder-bawt
· GitHub ↗
· v1.0.0
731
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install qdrant-advanced
Description
Advanced Qdrant vector database operations for AI agents. Semantic search, contextual document ingestion with chunking, collection management, snapshots, and...
Usage Guidance
This skill provides local shell scripts that will (a) send document text and queries to OpenAI to generate embeddings, and (b) send data to your Qdrant host. Before installing or running: 1) Be aware that any files you ingest will be transmitted to OpenAI — do not ingest sensitive or regulated data unless you have reviewed your policy and the OpenAI terms. 2) If your Qdrant is remote, note the scripts use HTTP (not HTTPS) by default; consider running Qdrant locally or modifying scripts to use HTTPS and to include an Authorization header. 3) The SKILL.md mentions QDRANT_API_KEY but the scripts do not use it — if your Qdrant requires authentication you will need to add authorization headers to curl calls. 4) There are small code issues (e.g., a typo in manage.sh optimizer call) and typical shell-quoting fragility — review and test the scripts in an isolated environment before running on production data. 5) Limit the OpenAI key's scope and monitor usage/quotas if possible (rotate or use an organization key with usage limits) to reduce blast radius.
Capability Analysis
Type: OpenClaw Skill
Name: qdrant-advanced
Version: 1.0.0
The skill bundle contains multiple critical vulnerabilities across several shell scripts. `ingest.sh` is vulnerable to local file inclusion and Python command injection via unsanitized `$FILE_PATH`, `$CHUNK_STRATEGY`, and `$METADATA_JSON`. `search.sh` and `migrate.sh` are susceptible to JSON and Python command injection due to direct interpolation of `$QUERY` and `$FILTER_JSON` into `curl` payloads and embedded Python scripts. `manage.sh` has a shell injection vulnerability if Qdrant collection names contain malicious characters. `backup.sh` allows arbitrary file writes via an unsanitized `$OUTPUT_PATH`. These flaws could enable an attacker to achieve arbitrary code execution or file system manipulation, classifying the bundle as suspicious due to these high-risk vulnerabilities.
Capability Assessment
Purpose & Capability
Name/description match the delivered artifacts: the repository includes search, ingest, manage, backup, and migrate scripts that call Qdrant and generate embeddings with OpenAI. Required binaries (curl, python3, bash) and an OpenAI API key are appropriate for these tasks.
Instruction Scope
The scripts will transmit user content and query text to OpenAI's embeddings API (https://api.openai.com/v1/embeddings) — this is expected for embedding generation but is effectively external data transmission. Qdrant calls use plain HTTP (QDRANT_URL="http://..."), so if you point the scripts to a remote Qdrant host traffic (including payloads) may be unencrypted. The SKILL.md and examples instruct you to export OPENAI_API_KEY and run the scripts, which is consistent with their behaviour.
Install Mechanism
No install spec; the skill is instruction+script based and does not download or extract external code at install time. The payload is a set of local shell/python scripts (no remote installs), which reduces supply-chain risk.
Credentials
OPENAI_API_KEY is required and used for embeddings (consistent with ingest/search/re-embedding). QDRANT_HOST and QDRANT_PORT are used and sensible. SKILL.md mentions an optional QDRANT_API_KEY but none of the scripts actually read or use QDRANT_API_KEY for Authorization — a mismatch you should be aware of (if your Qdrant requires auth the scripts will fail or leak data). The skill declares QDRANT_HOST/QDRANT_PORT/OPENAI_API_KEY as required in metadata even though the docs show defaults for host/port; this is a minor inconsistency.
Persistence & Privilege
always is false and the skill does not attempt to modify other skill configs or persist itself. It performs normal CRUD operations against the Qdrant server and local uploads; no privileged or persistent platform-level operations are requested.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install qdrant-advanced - After installation, invoke the skill by name or use
/qdrant-advanced - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of qdrant-advanced: a comprehensive toolkit for advanced Qdrant operations.
- Semantic search across multiple collections with flexible filters and thresholds.
- Intelligent document ingestion using customizable chunking strategies.
- Scripts for end-to-end collection management: create, list, info, optimize, and delete.
- Integrated snapshot tools for backup and restore.
- Migration utilities supporting collection copy, model upgrades, and filtered migrations.
- Production-ready Bash & Python scripts designed for real-world AI agent workflows.
Metadata
Frequently Asked Questions
What is Qdrant Advanced?
Advanced Qdrant vector database operations for AI agents. Semantic search, contextual document ingestion with chunking, collection management, snapshots, and... It is an AI Agent Skill for Claude Code / OpenClaw, with 731 downloads so far.
How do I install Qdrant Advanced?
Run "/install qdrant-advanced" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Qdrant Advanced free?
Yes, Qdrant Advanced is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Qdrant Advanced support?
Qdrant Advanced is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Qdrant Advanced?
It is built and maintained by yoder-bawt (@yoder-bawt); the current version is v1.0.0.
More Skills