扫描报告
5 /100
lightrag-knowledge-base
Deploy LightRAG as a shared knowledge graph for OpenClaw agents
Documentation-only skill providing LightRAG deployment instructions with no executable code, no credential theft, and all functionality declared in documentation.
可以安装
This skill is safe to use. Only deploy if you intend to set up the LightRAG knowledge graph service.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | READ | ✓ 一致 | Documentation instructs to read ~/.openclaw/* files for indexing |
| 网络访问 | NONE | NONE | — | Documentation describes localhost API connections (127.0.0.1:9621) |
| 命令执行 | NONE | NONE | — | Documentation provides bash command examples but skill itself doesn't execute th… |
| 环境变量 | NONE | NONE | — | Documentation references .env creation but skill doesn't access existing environ… |
3 项发现
中危 外部 URL 外部 URL
http://127.0.0.1:9621 SKILL.md:48 中危 外部 URL 外部 URL
http://127.0.0.1:9621/health SKILL.md:118 中危 外部 URL 外部 URL
http://127.0.0.1:9621/graphs/stats SKILL.md:301 目录结构
2 文件 · 11.8 KB · 366 行 Markdown 2f · 366L
├─
README.md
Markdown
└─
SKILL.md
Markdown
安全亮点
✓ Documentation-only skill with no executable malicious code
✓ All functionality clearly declared in SKILL.md
✓ Security recommendations present (bind to 127.0.0.1, use strong API keys)
✓ No credential exfiltration or data theft patterns
✓ No obfuscation or suspicious encoded content
✓ No remote code execution patterns (curl|bash)
✓ Legitimate Docker-based deployment for a knowledge graph service
✓ Clear guidance against indexing API keys into the graph