rlama

SUSPICIOUS. The core local-document RAG functionality is coherent, but the skill overstates privacy: it claims fully local/offline operation while also supporting cloud providers, arbitrary custom endpoints, remote Ollama hosts, and web crawling. Install trust is medium-risk due to an unpinned raw GitHub installer and mutable release binaries from a personal repo. Not confirmed malware, but the privacy and data-flow claims are materially inconsistent with the actual capability footprint.