Telnyx Rag

Semantic search and Q&A over workspace files using Telnyx Storage + AI embeddings. Index your memory, knowledge, and skills for natural language retrieval and AI-powered answers.

This skill appears to be a working Telnyx-backed RAG tool, but it will by default scan and upload many workspace files (including other skills' SKILL.md and high-level guardrail/agent docs) to a Telnyx bucket whose naming scheme the author encourages to be predictable. Before installing: 1) Only run it in a tightly scoped directory (set 'workspace' in config.json to a dedicated folder). 2) Change the bucket name to a unique, non-discoverable name (avoid openclaw-*). 3) Remove or narrow patterns that would index other skills, guardrails, or any files that might contain secrets. 4) Use a Telnyx API key with limited permissions and a dedicated account for this purpose. 5) Review sync.py and config.json to confirm which globs will be uploaded. If you need the agent to index only local content and never send certain files to the cloud, do not run sync/embed or validate that the tool supports dry-run/local-only embedding. These mitigations would reduce the privacy/exfiltration risk; if you cannot limit the scope, consider this a high-risk integration.

Type: OpenClaw Skill Name: telnyx-rag Version: 1.0.1 The OpenClaw AgentSkills skill bundle "telnyx-rag" is designed for semantic search and Q&A over an agent's workspace files using Telnyx Storage and AI APIs. The analysis reveals the following: 1. **Purpose Alignment**: All scripts (`ask.py`, `search.py`, `sync.py`, `setup.sh`, `embed.sh`) and configuration (`_meta.json`, `config.json`, `SKILL.md`) are consistent with the stated purpose of a RAG (Retrieval Augmented Generation) system. They handle file indexing, chunking, uploading to Telnyx Storage, triggering embeddings, performing similarity searches, and generating answers using Telnyx AI. 2. **Network Activity**: The Python scripts make authenticated HTTPS requests to `https://api.telnyx.com` and `*.telnyxcloudstorage.com`. This is necessary for interacting with Telnyx services. There is no evidence of communication with unauthorized external endpoints. 3. **File System Access**: The `sync.py` script, guided by `config.json`, reads files from the `workspace` (defaulting to `.` relative to the skill directory) based on defined `patterns` (e.g., `MEMORY.md`, `knowledge/*.md`, `skills/*/SKILL.md`). This access is fundamental to the RAG functionality and is reasonably scoped for an agent's knowledge base. 4. **Credential Handling**: The `TELNYX_API_KEY` is loaded from environment variables or a local `.env` file. The `setup.sh` script explicitly uses `source "$SCRIPT_DIR/.env"` if an `.env` file is present. This pattern, while common for local development, introduces a **shell injection vulnerability** if the `.env` file contains untrusted or maliciously crafted content (e.g., `TELNYX_API_KEY=; rm -rf /`). Although the `SKILL.md` instructs the user to provide their API key, the script's execution of arbitrary content from a user-controlled file is a significant security flaw. 5. **Prompt Injection**: The `SKILL.md` file contains instructions for the *user* or *other agents* on how to use and integrate the skill. It does not contain any instructions intended to prompt-inject the *OpenClaw agent* executing this skill bundle to perform unauthorized actions or subvert its directives. The `SYSTEM_PROMPT` in `ask.py` is for the *external LLM*, not the OpenClaw agent. 6. **Other Indicators**: No evidence of data exfiltration to unauthorized parties, malicious execution (e.g., `curl|bash` with remote payloads), persistence mechanisms, privilege escalation, or obfuscation was found. Standard library modules are used, and no suspicious external dependencies are introduced. **Classification**: Suspicious **Summary**: The skill's core functionality aligns with its stated purpose of providing RAG capabilities using Telnyx services. However, the `setup.sh` script's use of `source .env` to load the `TELNYX_API_KEY` introduces a shell injection vulnerability, as it executes the contents of a user-controlled file. This is a risky capability that could be exploited if a malicious `.env` file were introduced, classifying the skill as suspicious rather than benign.