中文 EN

Scan Report

Scan New Files

Low Risk — Risk Score 25/100
Last scan:23 hr ago Rescan
25 /100
dream-memory
Agent 记忆管理系统 — 四层架构:文件存储 + OpenViking 向量引擎 + Ollama bge-m3 + Agent 规则
The skill is a legitimate agent memory management system with no malicious intent, but its documentation does not declare shell execution capabilities and contains a documented curl|bash pattern for Ollama installation.
Skill Namedream-memory
Duration42.4s
Enginepi
Safe to install
Add an explicit 'shell:WRITE' declaration in SKILL.md if the agent is expected to run scripts/memory-check.sh. The curl|bash pattern in ollama-setup.md should be marked as documentation-only, not a runtime execution vector.

Findings 4 items

Severity Finding Location
Medium
Shell execution capability not declared in SKILL.md Doc Mismatch
SKILL.md makes no mention of shell execution, yet it references 'scripts/memory-check.sh' as a self-check script that the agent would invoke. The shell:WRITE permission is not declared in the capability model.
自检脚本 → `scripts/memory-check.sh`
→ Add 'shell:WRITE' to the allowed-tools mapping in SKILL.md if the agent is intended to execute shell scripts.
 SKILL.md:54
Medium
curl|bash remote script execution documented but undeclared Doc Mismatch
The high-risk IOC 'curl -fsSL https://ollama.com/install.sh | sh' appears in references/ollama-setup.md. While it is a legitimate installation command for Ollama, it is not declared as a capability in SKILL.md and could be mistaken for runtime behavior.
curl -fsSL https://ollama.com/install.sh | sh
→ Distinguish between documentation (for human readers) and agent-executable commands. Consider adding a note that this block is for manual setup, not agent invocation.
 references/ollama-setup.md:7
Low
Network access not declared in SKILL.md Doc Mismatch
scripts/memory-check.sh performs curl requests to localhost:1933 (OpenViking health check) and SKILL.md makes no declaration of network:READ. This is a minor documentation gap.
curl -s http://127.0.0.1:1933/
→ Add 'network:READ' to the declared capabilities if the agent is expected to check service health via HTTP.
 scripts/memory-check.sh:17
Low
Filesystem read access not explicitly declared Doc Mismatch
SKILL.md describes reading MEMORY.md, sessions.json, memory/ directory, and AGENTS.md, but does not declare filesystem:READ. This is a documentation gap for the capability model.
读取 `~/.openclaw/agents/{agent-id}/sessions/sessions.json`
→ Declare filesystem:READ in SKILL.md to match the documented behavior of reading workspace files and session data.
 SKILL.md:28
ResourceDeclaredInferredStatusEvidence
Filesystem NONE READ ✓ Aligned SKILL.md references reading memory files and sessions.json but does not declare …
Network NONE READ ✓ Aligned scripts/memory-check.sh uses curl to localhost:1933 for service health checks; n…
Shell NONE WRITE ✗ Violation SKILL.md references scripts/memory-check.sh and includes shell commands in docum…
1 Critical 5 findings
💀
Critical Dangerous Command 危险 Shell 命令
curl -fsSL https://ollama.com/install.sh | sh
references/ollama-setup.md:7
🔗
Medium External URL 外部 URL
https://ollama.com/install.sh
references/ollama-setup.md:7
🔗
Medium External URL 外部 URL
http://127.0.0.1:1933/api/v1/resources
references/ollama-setup.md:99
🔗
Medium External URL 外部 URL
http://127.0.0.1:1933/api/v1/system/wait
references/ollama-setup.md:100
🔗
Medium External URL 外部 URL
http://127.0.0.1:1933/
scripts/memory-check.sh:17

File Tree

3 files · 6.4 KB · 212 lines
Markdown 2f · 173L Shell 1f · 39L
├─ 📁 references
│ └─ 📝 ollama-setup.md Markdown 109L · 2.7 KB
├─ 📁 scripts
│ └─ 🔧 memory-check.sh Shell 39L · 1.1 KB
└─ 📝 SKILL.md Markdown 64L · 2.5 KB

Security Positives

✓ No evidence of credential theft, key harvesting, or environment variable iteration
✓ No data exfiltration or C2 communication detected
✓ No obfuscated code, base64 payloads, or anti-analysis techniques
✓ No persistence mechanisms (cron, startup hooks, backdoors)
✓ No supply chain risks — no package manager dependencies
✓ All network activity is localhost-only (OpenViking service health checks)
✓ The skill's stated purpose (agent memory management) is internally consistent
✓ scripts/memory-check.sh performs only read-only diagnostics with no data collection