← Back to Skills Marketplace

Rag Retrieve

Name: Rag Retrieve
Author: stephenlthorn

by Stephen Thorn · GitHub ↗ · v2.0.0 · MIT-0

cross-platform ⚠ suspicious

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install rag-retrieve

Description

Performs domain- and version-aware hybrid vector+BM25+metadata search on TiDB, with multi-query expansion and optional chain-of-retrieval for multi-hop queries.

Usage Guidance

Do not install blindly. Confirm with the author/source: (1) Why the registry shows no required env vars/binaries while SKILL.md lists python3, pymysql/aiohttp and five sensitive endpoints (OPENCLAW_LLM_ENDPOINT, TIDB_HOST, TIDB_PORT, EMBEDDING_ENDPOINT, RERANKER_ENDPOINT). (2) Where do the endpoints point (internal private network vs third-party SaaS)? If endpoints are external, your code and documents could be sent to them during embedding/reranking. (3) Whether 'user_codebase' must be enabled; if not needed, set user_codebase=false to avoid including local code. (4) What shell/file-system commands the skill will actually run — ask for a minimal runtime log or code snippet. Prefer to run the skill in an isolated environment with network controls and internal-only endpoints. If the author can't explain the registry/SKILL.md discrepancies or the endpoints' hosts, treat the skill as untrusted.

Capability Analysis

Type: OpenClaw Skill Name: rag-retrieve Version: 2.0.0 The rag-retrieve skill implements a sophisticated RAG pipeline featuring multi-query expansion, hybrid search in TiDB, and multi-hop retrieval (CoRAG). It utilizes local services for embeddings and reranking via shell-based curl commands and connects to a local TiDB instance. While the skill uses high-privilege tools and contains minor security flaws like hardcoded local database credentials (root with no password in SKILL.md), its behavior is entirely consistent with its stated purpose of document retrieval and lacks any evidence of malicious intent, data exfiltration, or unauthorized remote execution.

Capability Assessment

ℹ Purpose & Capability

The SKILL.md describes a TiDB hybrid vector+BM25 retrieval pipeline (embeddings, reranker, LLM query expansion) which is coherent with the skill name and description. However, the published registry entry claims no required env vars/binaries while the SKILL.md metadata lists python3, pymysql/aiohttp, and env vars (OPENCLAW_LLM_ENDPOINT, TIDB_HOST, TIDB_PORT, EMBEDDING_ENDPOINT, RERANKER_ENDPOINT). That mismatch is unexpected.

⚠ Instruction Scope

Instructions and architecture reference accessing domain-specific and 'user_codebase' chunks, embedding/reranker/LLM endpoints, and list tools including shell and file-system. Default user_codebase=true means the skill will include user code by default (potentially exposing sensitive code to external endpoints). The SKILL.md does not show explicit safeguards or limits on what filesystem/shell actions are performed, which increases risk.

✓ Install Mechanism

This is an instruction-only skill (no install spec, no code files). That keeps install risk low because nothing is written by an installer, but runtime behavior still matters.

ℹ Credentials

The endpoints and DB connection env vars declared inside SKILL.md (TiDB host/port, embedding/llm/reranker endpoints) are appropriate for a retrieval skill. However the registry listing omits these requirements—an inconsistency that prevents the platform from showing needed permissions up-front. The number and type of env vars are reasonable for the described functionality but are sensitive and should be explicitly declared in the registry.

ℹ Persistence & Privilege

The skill is not marked always:true. Triggers in the SKILL.md claim it's 'always called by coding-orchestrator before generation', which conflicts with the published flags. The skill also advertises use of shell and file-system tools; while not inherently malicious, these increase the blast radius if the skill is invoked automatically or with broad permissions.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install rag-retrieve
After installation, invoke the skill by name or use /rag-retrieve
Provide required inputs per the skill's parameter spec and get structured output

Version History

v2.0.0

**rag-retrieve 2.0.0 — Major architecture upgrade and new features** - Adds multi-query expansion for richer, more comprehensive retrievals. - Implements fast, version-aware filtering (essential for accurate iOS documentation). - Supports hybrid vector + BM25 + metadata search via TiDB. - Optional CoRAG (chain-of-retrieval) enables multi-hop reasoning and context accumulation. - Output includes direct trace of retrieval steps, estimated token count, and query variants. - Flexible filtering: domain, iOS version, frameworks, and user codebase now supported.

Metadata

Slug rag-retrieve

Version 2.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Rag Retrieve?

Performs domain- and version-aware hybrid vector+BM25+metadata search on TiDB, with multi-query expansion and optional chain-of-retrieval for multi-hop queries. It is an AI Agent Skill for Claude Code / OpenClaw, with 98 downloads so far.

How do I install Rag Retrieve?

Run "/install rag-retrieve" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Rag Retrieve free?

Yes, Rag Retrieve is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Rag Retrieve support?

Rag Retrieve is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Rag Retrieve?

It is built and maintained by Stephen Thorn (@stephenlthorn); the current version is v2.0.0.

More Skills