Scan Report
0 / 100
local-rag
Semantic search over local files using BGE-M3 embeddings and BGE-RERANKER-LARGE reranking with ChromaDB and parent-child chunking
A legitimate local RAG skill that indexes user documents for semantic search using ChromaDB and BGE-M3 embeddings. All observed behavior is declared, necessary, and consistent with the documented purpose.
Can be installed
No action needed. The skill is safe to use as described.
| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| File system | READ | READ | ✓ Consistent | index.py: reads ~/Documenti and ~/Scaricati |
| File system | WRITE | WRITE | ✓ Consistent | index.py: stores chunks to ~/.local/share/local-rag/chromadb/ |
| Network access | READ | READ | ✓ Consistent | sentence_transformers/FlagEmbedding download models from HuggingFace |
Directory structure
3 files · 16.1 KB · 495 lines (Python: 2 files, 413 lines; Markdown: 1 file, 82 lines)
├─ scripts/
│  ├─ index.py (Python)
│  └─ query.py (Python)
└─ SKILL.md (Markdown)
Dependency analysis (5 items)
| Package | Version | Source | Known vulnerabilities | Notes |
|---|---|---|---|---|
| chromadb | * | pip | No | Standard vector database, no vulnerabilities relevant to this use case |
| sentence-transformers | * | pip | No | Downloads models from HuggingFace; declared and expected |
| FlagEmbedding | * | pip | No | Provides BGE-RERANKER-LARGE; declared and expected |
| pdfplumber | * | pip (on-demand) | No | Installed on-demand via uv pip; not bundled |
| python-docx | * | pip (on-demand) | No | Installed on-demand via uv pip; not bundled |
Security highlights
✓ All behavior fully declared in SKILL.md — indexing, storage paths, model sources, and supported formats are all documented
✓ File hashing (SHA-256) prevents re-indexing unchanged files — no unnecessary re-processing
✓ File locking (fcntl) prevents concurrent indexing runs
✓ Subprocess calls for dependency installation (pdfplumber, python-docx) are a standard CLI tool pattern and are not hidden
✓ No credential access, no environment variable iteration, no sensitive path access
✓ No data exfiltration — all indexed data stays in ~/.local/share/local-rag/
✓ Chunking strategy with deduplication prevents duplicate results
✓ No base64-encoded commands, no IP network requests, no eval/ast tricks
✓ Source code is readable and straightforward with no obfuscation