← Back to Skills Marketplace
573
Downloads
0
Stars
1
Active Installs
3
Versions
Install in OpenClaw
/install ragie-rag
Description
Execute Retrieval-Augmented Generation (RAG) using Ragie.ai. Use this skill whenever the user wants to: - Search their knowledge base - Ask questions about u...
Usage Guidance
What to check before installing:
- Metadata mismatch: the registry summary claims no required env/credentials but the SKILL.md and bundled scripts require RAGIE_API_KEY and python3. Confirm which metadata is authoritative and ask the publisher to fix the registry entry before installing.
- Secrets: the scripts will send uploaded file contents and metadata to https://api.ragie.ai using whatever RAGIE_API_KEY you provide. Only use an API key you trust to grant that service access to your documents; avoid ingesting secrets or PII unless you trust Ragie.
- Local .env: the scripts call load_dotenv() so a local .env file can supply the key. Ensure you don't commit .env to source control and keep the key rotated if compromised.
- Dependencies: the package expects requests and python-dotenv. There is no automated installer; ensure the execution environment has python3 and these packages (pip install requests python-dotenv) or run the scripts in an isolated environment.
- Inspect & control ingress: ingest.py opens user-specified file paths and posts them to Ragie; review and sanitize any files you plan to upload. Consider running the scripts locally rather than granting broad agent-level execution if you have sensitive data.
- If you want higher assurance: ask the publisher to correct registry metadata, provide a reproducible install spec (or a vetted package), and sign the release. If those fixes are made, the skill appears coherent and appropriate for RAG use.
Confidence note: medium — the code and instructions are consistent with the described purpose, but the contradictory registry metadata reduces confidence. If registry metadata is corrected to declare RAGIE_API_KEY and python3/requests/python-dotenv, this would increase confidence to high.
Capability Analysis
Type: OpenClaw Skill
Name: ragie-rag
Version: 1.0.2
The skill bundle is classified as suspicious due to significant vulnerabilities related to input handling and arbitrary file access, despite lacking explicit malicious intent. The `SKILL.md` instructs the AI agent to execute shell commands with arguments derived from user input (e.g., `--file`, `--url`, `--name`, `--query`), which creates a shell injection risk if the agent does not properly sanitize these inputs. Furthermore, `scripts/ingest.py` allows ingesting arbitrary local files or URLs via the `--file` and `--url` arguments. This could be exploited by a compromised agent to exfiltrate sensitive local files (e.g., `/etc/passwd`, `~/.ssh/id_rsa`) to the legitimate Ragie.ai service, which constitutes an unauthorized data exposure risk. No direct malicious code (e.g., unauthorized exfiltration to third-party domains, backdoors, persistence) was found, and `SKILL.md` even includes instructions to prevent data leakage.
Capability Assessment
Purpose & Capability
The name/description (Ragie.ai RAG) align with the included scripts: ingest.py, manage.py, and retrieve.py implement ingestion, listing/status/delete, and retrieval against https://api.ragie.ai. Requiring a single API key (RAGIE_API_KEY) and python is consistent with the stated purpose. However the registry-level summary at the top of the submission (Required env vars: none, Primary credential: none) contradicts the SKILL.md and the scripts which both require RAGIE_API_KEY. This mismatch in published metadata vs. actual runtime requirements is an inconsistency that should be resolved.
Instruction Scope
SKILL.md gives explicit, narrow instructions to run the included Python scripts for ingestion, management, and retrieval. The scripts only access user-provided files/URLs and the RAGIE API, and do not attempt to read unrelated system files. They use dotenv (so they will load a .env file if present) and will POST files or JSON to api.ragie.ai as expected by the skill's purpose.
Install Mechanism
No install spec is provided (instruction-only install), and the code is shipped as plain Python scripts. The scripts depend on python3 plus two Python packages (requests, python-dotenv) as declared in SKILL.md metadata; however no automated install is provided and the registry summary did not list these. This is low risk functionally but operationally you'll need to ensure the runtime has python3 and the required packages installed.
Credentials
The only secret the skill needs is RAGIE_API_KEY, which is proportionate to a RAG API integration. The scripts load environment variables via python-dotenv (load_dotenv), so they may read a local .env file; this is standard but you should ensure .env is not committed. The main proportional concern is the metadata inconsistency: the registry reported no required env/credentials while the skill actually requires the API key.
Persistence & Privilege
The skill does not request permanent presence (always: false) and does not modify other skills or system-wide settings. It only executes on invocation and runs CLI scripts that interact with Ragie. No elevated privileges are requested.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install ragie-rag - After installation, invoke the skill by name or use
/ragie-rag - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
- Added explicit OpenClaw-compatible metadata under a new metadata key in SKILL.md.
- Metadata specifies required binaries, environment variables, Python dependencies, and credential instructions.
- No functional or workflow changes.
v1.0.1
- Added requirement for RAGIE_API_KEY environment variable.
- Documented required Python dependencies: requests, python-dotenv.
- Installation instructions and environment setup details now included.
- Skill now enforces immediate failure if API key is missing.
- No changes to API or workflow logic.
v1.0.0
Version 1.0.0 of ragie-rag
- Initial release introducing Retrieval-Augmented Generation (RAG) using Ragie.ai.
- Provides deterministic workflows for document ingestion, retrieval, and management.
- Ensures grounded question answering with strict rules to prevent hallucination.
- Supports file and URL ingestion, document listing, status checking, and deletion.
- Requires all answers to be based only on retrieved knowledge and clearly cites document sources.
- Comprehensive error handling and security guidelines included.
Metadata
Frequently Asked Questions
What is Ragie.ai-RAG?
Execute Retrieval-Augmented Generation (RAG) using Ragie.ai. Use this skill whenever the user wants to: - Search their knowledge base - Ask questions about u... It is an AI Agent Skill for Claude Code / OpenClaw, with 573 downloads so far.
How do I install Ragie.ai-RAG?
Run "/install ragie-rag" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Ragie.ai-RAG free?
Yes, Ragie.ai-RAG is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Ragie.ai-RAG support?
Ragie.ai-RAG is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Ragie.ai-RAG?
It is built and maintained by Hatim-BE (@hatim-be); the current version is v1.0.2.
More Skills