← 返回 Skills 市场
angusthefuzz

Ragflow API Client

作者 angusthefuzz · GitHub ↗ · v1.0.2
cross-platform ⚠ suspicious
1108
总下载
6
收藏
2
当前安装
3
版本数
在 OpenClaw 中安装
/install ragflow
功能描述
Universal client for Ragflow API enabling dataset management, document upload, and running chat queries against self-hosted RAG knowledge bases.
安全使用建议
This skill appears to be what it claims: a Node-based Ragflow API client. The primary risk is operational: the tool will upload files and send them to whatever RAGFLOW_URL you provide using the RAGFLOW_API_KEY. Only install/use it if you trust the Ragflow instance and you provide a least-privilege API key. Also note the registry metadata lists no required env vars while SKILL.md and the code require RAGFLOW_URL and RAGFLOW_API_KEY — verify that metadata mismatch before automating credential injection. Finally, avoid running the CLI in contexts where untrusted users could supply arbitrary file paths to upload sensitive data.
功能分析
Type: OpenClaw Skill Name: ragflow Version: 1.0.2 The skill is designed to interact with a RAGflow API, including uploading documents. Its `uploadDocument` function in `lib/api.js` and the `upload` command in `scripts/ragflow.js` allow reading and uploading arbitrary local files specified by a `filePath` argument (e.g., `--file /etc/passwd`). While this functionality is inherent to a document upload feature, the lack of input sanitization or restrictions on the `filePath` creates a significant vulnerability. If an AI agent is susceptible to prompt injection, it could be instructed to upload sensitive local files (e.g., `~/.ssh/id_rsa`, `/etc/passwd`) to the configured `RAGFLOW_URL`, leading to local file exfiltration. This is a critical vulnerability that allows attacks, rather than code explicitly designed with malicious intent.
能力评估
Purpose & Capability
Name/description (Ragflow API client) match the included CLI and library. Required binary is node, which is appropriate. The functions and REST endpoints in code align with dataset management, uploads, parsing, and retrieval described in the SKILL.md.
Instruction Scope
SKILL.md instructs the agent to use RAGFLOW_URL and RAGFLOW_API_KEY and run the provided node scripts. The code only reads the declared env vars, reads local files only when given an explicit path, and sends requests to the configured RAGFLOW_URL. There are no instructions to read unrelated system files or exfiltrate data to other endpoints.
Install Mechanism
No install spec is provided (instruction-only), and the included code is plain JS. No external downloads or archive extraction are performed by an installer. This is low-risk from an install perspective.
Credentials
The SKILL.md and code require RAGFLOW_URL and RAGFLOW_API_KEY (appropriate and proportionate). However, the registry summary at the top of the report listed 'Required env vars: none' which contradicts the SKILL.md and code; this is a metadata inconsistency that should be resolved before trusting automated deployment/permission tooling.
Persistence & Privilege
always is false and the skill does not request persistent system-wide changes or modify other skills. Autonomous invocation is allowed (platform default) but is not combined with any other elevated privileges here.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install ragflow
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /ragflow 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
Fixed metadata: env vars now properly declared at top level with security note
v1.0.1
Security fix: removed automatic .env loading (scope creep). Env vars must be set explicitly.
v1.0.0
Initial release
元数据
Slug ragflow
版本 1.0.2
许可证
累计安装 2
当前安装数 2
历史版本数 3
常见问题

Ragflow API Client 是什么?

Universal client for Ragflow API enabling dataset management, document upload, and running chat queries against self-hosted RAG knowledge bases. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1108 次。

如何安装 Ragflow API Client?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install ragflow」即可一键安装,无需额外配置。

Ragflow API Client 是免费的吗?

是的,Ragflow API Client 完全免费(开源免费),可自由下载、安装和使用。

Ragflow API Client 支持哪些平台?

Ragflow API Client 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Ragflow API Client?

由 angusthefuzz(@angusthefuzz)开发并维护,当前版本 v1.0.2。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论