Scan Report
5 /100
lightrag-knowledge-base
Deploy LightRAG as a shared knowledge graph for OpenClaw agents
Documentation-only skill providing LightRAG deployment instructions with no executable code, no credential theft, and all functionality declared in documentation.
Safe to install
This skill is safe to use. Only deploy if you intend to set up the LightRAG knowledge graph service.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | READ | ✓ Aligned | Documentation instructs to read ~/.openclaw/* files for indexing |
| Network | NONE | NONE | — | Documentation describes localhost API connections (127.0.0.1:9621) |
| Shell | NONE | NONE | — | Documentation provides bash command examples but skill itself doesn't execute th… |
| Environment | NONE | NONE | — | Documentation references .env creation but skill doesn't access existing environ… |
3 findings
Medium External URL 外部 URL
http://127.0.0.1:9621 SKILL.md:48 Medium External URL 外部 URL
http://127.0.0.1:9621/health SKILL.md:118 Medium External URL 外部 URL
http://127.0.0.1:9621/graphs/stats SKILL.md:301 File Tree
2 files · 11.8 KB · 366 lines Markdown 2f · 366L
├─
README.md
Markdown
└─
SKILL.md
Markdown
Security Positives
✓ Documentation-only skill with no executable malicious code
✓ All functionality clearly declared in SKILL.md
✓ Security recommendations present (bind to 127.0.0.1, use strong API keys)
✓ No credential exfiltration or data theft patterns
✓ No obfuscation or suspicious encoded content
✓ No remote code execution patterns (curl|bash)
✓ Legitimate Docker-based deployment for a knowledge graph service
✓ Clear guidance against indexing API keys into the graph