
local-file-rag-basic

by wjreliable · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
Downloads: 3349
Stars: 1
Active Installs: 37
Versions: 1
Install in OpenClaw
/install local-file-rag-basic
Description
High-performance local File RAG suite (Basic Edition).
Usage Guidance
Install only if you are comfortable with the skill reading, extracting, and caching files under the directory you choose. Avoid pointing rootDir at home directories, repositories with secrets, or broad business folders; preinstall and review the npm dependencies yourself where possible; and delete .storage/code-rag.db when you no longer want the index retained.
Capability Analysis
Type: OpenClaw Skill
Name: local-file-rag-basic
Version: 1.0.0
The skill is classified as suspicious due to two primary vulnerabilities. Firstly, the `local_file_rag_search` tool's `rootDir` parameter in `script/index.js` allows an AI agent to specify arbitrary directories for scanning, enabling local file disclosure and potential data exfiltration if the agent is prompted maliciously. Secondly, the `ensureDependencies` function in `script/index.js` uses `child_process.execSync` with `shell: true` for dependency installation. While currently used with hardcoded, benign packages, this primitive is highly susceptible to shell injection if the dependency list were ever derived from untrusted input, posing a significant RCE risk. There is no evidence of intentional malicious behavior such as exfiltration to external endpoints or backdoor installation.
Capability Assessment
Purpose & Capability
The stated local RAG/search purpose matches the main implementation: it recursively indexes supported code, text, PDF, DOCX, XLS/XLSX, and media metadata, then returns matching snippets or small file contents. No exfiltration endpoint, credential harvesting, or destructive behavior was found.
Instruction Scope
The tool accepts an arbitrary rootDir, switches to that directory, recursively indexes supported files before result filtering, and can return full contents for small matched text/code files. This is high-impact local data access without clear allowlists, confirmation, or sensitive-path controls.
Install Mechanism
On initialization, the skill detects missing document-parser packages and runs npm install --no-save through execSync with shell:true and suppressed output. The package names are hardcoded, reducing injection risk, but automatic runtime package installation is under-controlled and can execute third-party dependency code.
Credentials
Reading local files is purpose-aligned for RAG, but broad recursive scanning, Office/PDF parsing, media metadata reads, and dynamic root switching require clearer user control and privacy disclosure. The artifacts do not show external data upload behavior.
Persistence & Privilege
The skill creates .storage/code-rag.db under the selected root and stores extracted text chunks and metadata for incremental search, but the artifacts do not document retention, deletion, minimization, or protections for sensitive indexed content.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install local-file-rag-basic
  3. After installation, invoke the skill by name or use /local-file-rag-basic
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of Local File RAG Search (Basic Edition)
- Indexes files up to 20MB with single-threaded performance
- Supports common code and document formats (JS/TS, Python, C++, Go, Markdown, PDF, DOCX, XLSX, etc.)
- Provides efficient workspace search via query, target file, and root directory parameters
- Returns structured results with skeletons, metadata, and clustered code snippets
Metadata
Slug local-file-rag-basic
Version 1.0.0
License
All-time Installs 37
Active Installs 37
Total Versions 1
Frequently Asked Questions

What is local-file-rag-basic?

High-performance local File RAG suite (Basic Edition). It is an AI Agent Skill for Claude Code / OpenClaw, with 3349 downloads so far.

How do I install local-file-rag-basic?

Run "/install local-file-rag-basic" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is local-file-rag-basic free?

Yes, local-file-rag-basic is completely free (open-source). You can download, install and use it at no cost.

Which platforms does local-file-rag-basic support?

local-file-rag-basic is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created local-file-rag-basic?

It is built and maintained by wjreliable (@wjreliable); the current version is v1.0.0.
