← Back to Skills Marketplace
ResearchVault
by
Luka Raivisto
· GitHub ↗
· v3.0.5
4832
Downloads
6
Stars
2
Active Installs
46
Versions
Install in OpenClaw
/install researchvault
Description
Local-first research orchestration engine. Manages state, synthesis, and optional background services (MCP/Watchdog).
Usage Guidance
Install only if you want a local research database and are comfortable with optional web search and ingestion. Keep the portal bound to localhost, protect the portal token, avoid enabling private-network fetches unless you intentionally need them, and remember that Brave/other search queries may leave your machine when configured and invoked.
Capability Assessment
Purpose & Capability
The CLI, SQLite storage, portal, web ingestion, search, verification, MCP, and watchdog capabilities fit the stated research orchestration purpose and are described in SKILL.md, README.md, and SECURITY.md.
Instruction Scope
The skill is user-invocable, sets disable-model-invocation: true, and documents manual commands for portal and optional services; I found no hidden prompt overrides or automatic agent-start instructions.
Install Mechanism
Installation is documented as manual pip editable install; portal startup is also manual and creates local token/PID state while running dependency checks, with no install-time autorun or persistence hook found.
Credentials
Environment variables for DB paths, portal token, and optional search providers are purpose-aligned and disclosed; portal subprocess execution explicitly strips provider secrets, though diagnostics expose local paths/config status to authenticated portal users.
Persistence & Privilege
Persistent state is local SQLite plus portal auth/state files, and background watchdog/MCP services require explicit startup; the private-network fetch bypass is user-controlled and disclosed but should be treated as sensitive.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install researchvault - After installation, invoke the skill by name or use
/researchvault - Provide required inputs per the skill's parameter spec and get structured output
Version History
v3.0.5
Removed install action mismatch, removed OpenClaw DB access from portal, and removed subprocess secret injection behavior.
v3.0.4
Manifest schema alignment, DB root policy hardening, strict OpenClaw scan gating, and env-only secret handling.
vv3.0.3
**v3.0.3: Portal authentication, secret management, and environment revamp**
- Switched Portal backend authentication to rely solely on the RESEARCHVAULT_PORTAL_TOKEN environment variable.
- Added/updated environment variables for finer-grained Portal control (state dir, PID dir, allowlist bypass, cookie settings, etc).
- Enhanced secret management: new options for persisting and injecting provider secrets, plus improved secrets storage location and test coverage.
- Expanded documentation of environment variables in SKILL.md for clarity and precision.
- Updated backend/frontend components to support improved configuration, diagnostics, and secret handling.
- Added a test file for Portal secret controls (tests/test_portal_secret_controls.py).
vv3.0.1
- Added new environment variables for Portal configuration, including options for scanning workspace memory, persisting and injecting secrets, fixed authentication tokens, and additional search providers (SERPER_API_KEY, SEARXNG_BASE_URL).
- Updated SKILL.md to document the new environment variables and their descriptions.
- Minor backend and test adjustments to support new configuration options and enhance flexibility.
vv3.0.0
Major release: introduces a local web portal for managing ResearchVault.
- Added new web portal with separate backend (FastAPI) and frontend (Vite/React) for local research management.
- Frontend and backend can be started via `./start_portal.sh` with browser-based token login.
- Portal enforces the same strong SSRF/networking protections as the CLI, with explicit user opt-in to private network access.
- Updated documentation to cover portal usage, endpoints, and parity with CLI security.
- Internal codebase expanded and refactored to support portal APIs, state management, and secure token handling.
v2.6.2
Security hardening: strict SSRF protection, isolated background services, and finalized metadata transparency for ClawHub.
v2.6.1
Security hardening: formalized environment requirements, gated network services, and improved metadata transparency.
v2.6.0
Security hardening: removed portal, added strict I/O contracts, disabled autonomous model invocation, and formalized local-first storage.
v2.5.2
Security Hardening: path sanitization and enhanced scrubbing
v2.5.1
Fixing display name.
v2.5.0
Autonomous Strategist release.
v2.4.1
Standardized metadata.
v2.3.5
Final sync.
v2.3.4
Final sync.
v2.3.3
Final sync.
v2.3.2
Final sync.
v2.3.1
Final sync.
v2.3.0
Final sync.
v2.2.9
Final sync.
v2.2.8
Final sync.
Metadata
Frequently Asked Questions
What is ResearchVault?
Local-first research orchestration engine. Manages state, synthesis, and optional background services (MCP/Watchdog). It is an AI Agent Skill for Claude Code / OpenClaw, with 4832 downloads so far.
How do I install ResearchVault?
Run "/install researchvault" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is ResearchVault free?
Yes, ResearchVault is completely free (open-source). You can download, install and use it at no cost.
Which platforms does ResearchVault support?
ResearchVault is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created ResearchVault?
It is built and maintained by Luka Raivisto (@lraivisto); the current version is v3.0.5.
More Skills