← 返回 Skills 市场
RAGLite
作者
Viraj Sanghvi
· GitHub ↗
· v1.0.0
1464
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install virajsanghvi1-raglite
功能描述
Local-first RAG cache: distill docs into structured Markdown, then index/query with Chroma + hybrid search (vector + keyword).
安全使用建议
Key things to check before installing/using RAGLite:
- Understand the default engine behavior: the provided wrapper script will inject '--engine openclaw' if you don't pass --engine yourself, which causes the tool to use the OpenClaw gateway by default. That may send distilled document content to that gateway — do not run it on sensitive docs unless you trust the gateway and its operator.
- OPENCLAW_GATEWAY_TOKEN is referenced in the docs but not declared in the skill metadata. Treat that as a sensitive credential: only set it if you trust the gateway and understand where requests go.
- The install performs 'pip install git+...@main' (unpinning to main). Review the GitHub repo (https://github.com/VirajSanghvi1/raglite) before installing, and prefer a pinned release or commit SHA to avoid unexpected changes. Consider auditing the package's setup/entry points.
- Ensure required local dependencies are present: python3 (3.11+), pip, ripgrep (rg) for keyword search, and a Chroma server if you intend to index locally. The skill metadata only listed python3/pip — install rg yourself if you need keyword matching.
- If you want strictly local operation, explicitly pass a local engine (do not rely on the default) and confirm the tool is not configured to point to a remote Chroma instance or gateway. Run the install in an isolated environment (VM/container) if you want to limit risk.
- If unsure, request the upstream repository URL and review its code (especially any install-time hooks) or ask the provider to publish a tagged release and declare required env vars.
功能分析
Type: OpenClaw Skill
Name: virajsanghvi1-raglite
Version: 1.0.0
The skill bundle is classified as suspicious due to its installation method. The `scripts/install.sh` file installs the `raglite` package directly from a remote GitHub repository (`git+https://github.com/VirajSanghvi1/raglite.git@main`). This introduces a significant supply chain risk, as the integrity and security of the skill are dependent on the external repository. If the upstream repository were compromised, malicious code could be injected into the skill's runtime environment without direct modification of the provided skill bundle files.
能力评估
Purpose & Capability
The skill claims to be a local-first RAG cache (Chroma + ripgrep) but the registry metadata only requires python3/pip; the SKILL.md also lists ripgrep and a reachable Chroma server as prerequisites. The SKILL.md further advertises OpenClaw as the default condensation engine, which implies network interaction outside the local components — this is not reflected in the declared requirements. In short: some required tools and network dependencies the docs mention (rg, OpenClaw gateway) are not declared in the skill metadata.
Instruction Scope
Runtime instructions and the entrypoint script automatically inject '--engine openclaw' when the user does not supply an --engine argument, which will cause the tool to use the OpenClaw gateway by default (possible remote model service). That can result in document content being sent off-machine unless the user explicitly overrides the engine. The SKILL.md mentions OPENCLAW_GATEWAY_TOKEN but the skill does not declare or require that env var — the runtime instructions therefore rely on an undocumented sensitive variable and network endpoint.
Install Mechanism
Installation is via pip from a GitHub repository using the @main ref (git+https://github.com/VirajSanghvi1/raglite.git@main). Installing from an unpinned main branch means you fetch whatever is on that branch at install time (no fixed release, no checksum). pip installing a remote VCS package can execute package install hooks; while common, it is a higher-risk install method than a pinned release from a verified registry.
Credentials
The registry lists no required env vars but the documentation references OPENCLAW_GATEWAY_TOKEN when using the OpenClaw engine. That is a sensitive credential-like variable and should be declared if the skill expects it. Also the skill expects ripgrep and a reachable Chroma server, but these binaries/network services are not declared in the metadata. The mismatch between declared and actual env/network needs is disproportionate and could surprise users.
Persistence & Privilege
The skill does not request permanent inclusion (always:false), does not modify other skills or system-wide settings, and confines installed packages to a skill-local virtual environment. Entrypoint execution is normal for an exec-style skill.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install virajsanghvi1-raglite - 安装完成后,直接呼叫该 Skill 的名称或使用
/virajsanghvi1-raglite触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release
元数据
常见问题
RAGLite 是什么?
Local-first RAG cache: distill docs into structured Markdown, then index/query with Chroma + hybrid search (vector + keyword). 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1464 次。
如何安装 RAGLite?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install virajsanghvi1-raglite」即可一键安装,无需额外配置。
RAGLite 是免费的吗?
是的,RAGLite 完全免费(开源免费),可自由下载、安装和使用。
RAGLite 支持哪些平台?
RAGLite 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(darwin, linux)。
谁开发了 RAGLite?
由 Viraj Sanghvi(@virajsanghvi1)开发并维护,当前版本 v1.0.0。
推荐 Skills