← Back to Skills Marketplace
odinbot33

OEE Knowledge Base RAG

by OdinBot33 · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
759
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install oee-knowledge-base
Description
Semantic knowledge base allowing ingest, search, and retrieval of saved texts, URLs, and files using embeddings and SQLite.
Usage Guidance
This skill appears to be a local RAG knowledge base and the code largely matches that purpose, but there are important inconsistencies you should resolve before installing or supplying API keys: - SKILL.md says you need ANTHROPIC_API_KEY or OPENAI_API_KEY but the registry metadata lists no required env vars — assume the code will attempt to call an embeddings API. Only provide a key you trust and ideally create a dedicated, limited-scope key for this purpose. - The code calls external binaries (yt-dlp for YouTube transcripts, pdftotext as a PDF fallback) and may rely on Python packages like PyMuPDF (fitz). These dependencies are not declared; if you run this skill, ensure those binaries/packages are installed from official sources. Running in a sandbox/container is recommended. - The skill fetches arbitrary URLs and runs subprocesses to extract content. This is expected for an ingest tool but means it will make outbound network requests and execute local binaries. Do not point it at sensitive internal URLs or supply credentials without reviewing the code. - The skill creates a local database (kb.db) in the skill directory and writes temporary files to /tmp; protect that file if it will contain sensitive data. If you plan to use this skill: inspect the full kb.py (the provided snippet was truncated), confirm where it sends network requests and which env vars it reads, install required binaries from trusted sources, and consider running it in an isolated environment. If you cannot verify those points, treat the skill as potentially risky.
Capability Analysis
Type: OpenClaw Skill Name: oee-knowledge-base Version: 1.0.0 The `kb.py` file contains a critical shell injection vulnerability within the `extract_pdf` function. The `subprocess.run` call, which executes a Python script via `python3 -c`, constructs the script using an f-string that directly embeds the `path` variable (derived from user-provided `url_or_path`) without proper sanitization. A malicious URL or local path containing shell metacharacters or Python string delimiters could lead to arbitrary command execution on the host system. Additionally, the skill utilizes `subprocess.run` to execute external tools like `yt-dlp` and `pdftotext`, which, while intended, expands the attack surface.
Capability Assessment
Purpose & Capability
The skill's stated purpose (ingest/search/retrieve using embeddings + SQLite) matches the code's behavior. However, SKILL.md explicitly requires ANTHROPIC_API_KEY or OPENAI_API_KEY for embeddings, yet the registry metadata lists no required env vars/primary credential. Also the code expects external binaries (yt-dlp, pdftotext) and Python packages (fitz/PyMuPDF) that are not declared in the metadata. These omissions are incoherent and should be clarified.
Instruction Scope
Runtime instructions and code fetch arbitrary URLs, download content, extract transcripts, and run subprocesses (yt-dlp, pdftotext, a python -c fallback that imports fitz). They create a local SQLite DB (kb.db) and write temporary files under /tmp. While this is consistent with a KB ingest tool, the instructions and code do not declare or warn about these external fetches/subprocesses or which environment variables are required, and they give the agent freedom to ingest arbitrary remote content — a review and stricter scoping are recommended.
Install Mechanism
There is no install spec (instruction-only), so nothing is automatically downloaded/installed by the installer. That's lower risk, but the code invokes external binaries (yt-dlp, pdftotext) and may require Python packages (fitz). The skill does not declare these requirements in SKILL.md or registry metadata.
Credentials
SKILL.md requires ANTHROPIC_API_KEY or OPENAI_API_KEY (and the code reads KB_EMBED_MODEL from env), which is proportionate for embedding calls. However the registry metadata claims 'Required env vars: none' and 'Primary credential: none' — an inconsistency. Requiring an LLM/embed API key is reasonable for this skill, but it must be declared and users should only supply keys with minimal scope and/or dedicated billing.
Persistence & Privilege
The skill does not request always:true nor modify other skills. It persists data to a local SQLite DB (kb.db) and writes temporary files under /tmp for processing; this is expected for a KB tool.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install oee-knowledge-base
  3. After installation, invoke the skill by name or use /oee-knowledge-base
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of oee-knowledge-base: a personal RAG-powered knowledge base. - Ingest and save text, files, URLs, and notes with a single command. - Semantic search and context retrieval across all stored entries. - Simple CLI tools for ingestion, querying, and knowledge base management. - Stores data locally using SQLite and embeddings. - Requires Python 3.10+ and API key for embedding generation.
Metadata
Slug oee-knowledge-base
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is OEE Knowledge Base RAG?

Semantic knowledge base allowing ingest, search, and retrieval of saved texts, URLs, and files using embeddings and SQLite. It is an AI Agent Skill for Claude Code / OpenClaw, with 759 downloads so far.

How do I install OEE Knowledge Base RAG?

Run "/install oee-knowledge-base" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is OEE Knowledge Base RAG free?

Yes, OEE Knowledge Base RAG is completely free (open-source). You can download, install and use it at no cost.

Which platforms does OEE Knowledge Base RAG support?

OEE Knowledge Base RAG is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created OEE Knowledge Base RAG?

It is built and maintained by OdinBot33 (@odinbot33); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments