← Back to Skills Marketplace
RAGLite
by
Viraj Sanghvi
· GitHub ↗
· v1.0.0
1464
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install virajsanghvi1-raglite
Description
Local-first RAG cache: distill docs into structured Markdown, then index/query with Chroma + hybrid search (vector + keyword).
Usage Guidance
Key things to check before installing/using RAGLite:
- Understand the default engine behavior: the provided wrapper script will inject '--engine openclaw' if you don't pass --engine yourself, which causes the tool to use the OpenClaw gateway by default. That may send distilled document content to that gateway — do not run it on sensitive docs unless you trust the gateway and its operator.
- OPENCLAW_GATEWAY_TOKEN is referenced in the docs but not declared in the skill metadata. Treat that as a sensitive credential: only set it if you trust the gateway and understand where requests go.
- The install performs 'pip install git+...@main' (unpinning to main). Review the GitHub repo (https://github.com/VirajSanghvi1/raglite) before installing, and prefer a pinned release or commit SHA to avoid unexpected changes. Consider auditing the package's setup/entry points.
- Ensure required local dependencies are present: python3 (3.11+), pip, ripgrep (rg) for keyword search, and a Chroma server if you intend to index locally. The skill metadata only listed python3/pip — install rg yourself if you need keyword matching.
- If you want strictly local operation, explicitly pass a local engine (do not rely on the default) and confirm the tool is not configured to point to a remote Chroma instance or gateway. Run the install in an isolated environment (VM/container) if you want to limit risk.
- If unsure, request the upstream repository URL and review its code (especially any install-time hooks) or ask the provider to publish a tagged release and declare required env vars.
Capability Analysis
Type: OpenClaw Skill
Name: virajsanghvi1-raglite
Version: 1.0.0
The skill bundle is classified as suspicious due to its installation method. The `scripts/install.sh` file installs the `raglite` package directly from a remote GitHub repository (`git+https://github.com/VirajSanghvi1/raglite.git@main`). This introduces a significant supply chain risk, as the integrity and security of the skill are dependent on the external repository. If the upstream repository were compromised, malicious code could be injected into the skill's runtime environment without direct modification of the provided skill bundle files.
Capability Assessment
Purpose & Capability
The skill claims to be a local-first RAG cache (Chroma + ripgrep) but the registry metadata only requires python3/pip; the SKILL.md also lists ripgrep and a reachable Chroma server as prerequisites. The SKILL.md further advertises OpenClaw as the default condensation engine, which implies network interaction outside the local components — this is not reflected in the declared requirements. In short: some required tools and network dependencies the docs mention (rg, OpenClaw gateway) are not declared in the skill metadata.
Instruction Scope
Runtime instructions and the entrypoint script automatically inject '--engine openclaw' when the user does not supply an --engine argument, which will cause the tool to use the OpenClaw gateway by default (possible remote model service). That can result in document content being sent off-machine unless the user explicitly overrides the engine. The SKILL.md mentions OPENCLAW_GATEWAY_TOKEN but the skill does not declare or require that env var — the runtime instructions therefore rely on an undocumented sensitive variable and network endpoint.
Install Mechanism
Installation is via pip from a GitHub repository using the @main ref (git+https://github.com/VirajSanghvi1/raglite.git@main). Installing from an unpinned main branch means you fetch whatever is on that branch at install time (no fixed release, no checksum). pip installing a remote VCS package can execute package install hooks; while common, it is a higher-risk install method than a pinned release from a verified registry.
Credentials
The registry lists no required env vars but the documentation references OPENCLAW_GATEWAY_TOKEN when using the OpenClaw engine. That is a sensitive credential-like variable and should be declared if the skill expects it. Also the skill expects ripgrep and a reachable Chroma server, but these binaries/network services are not declared in the metadata. The mismatch between declared and actual env/network needs is disproportionate and could surprise users.
Persistence & Privilege
The skill does not request permanent inclusion (always:false), does not modify other skills or system-wide settings, and confines installed packages to a skill-local virtual environment. Entrypoint execution is normal for an exec-style skill.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install virajsanghvi1-raglite - After installation, invoke the skill by name or use
/virajsanghvi1-raglite - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release
Metadata
Frequently Asked Questions
What is RAGLite?
Local-first RAG cache: distill docs into structured Markdown, then index/query with Chroma + hybrid search (vector + keyword). It is an AI Agent Skill for Claude Code / OpenClaw, with 1464 downloads so far.
How do I install RAGLite?
Run "/install virajsanghvi1-raglite" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is RAGLite free?
Yes, RAGLite is completely free (open-source). You can download, install and use it at no cost.
Which platforms does RAGLite support?
RAGLite is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin, linux).
Who created RAGLite?
It is built and maintained by Viraj Sanghvi (@virajsanghvi1); the current version is v1.0.0.
More Skills