中文 EN

扫描报告

扫描新文件

低风险 — 风险评分 25/100
上次扫描:1 天前 重新扫描
25 /100
dream-memory
Agent 记忆管理系统 — 四层架构:文件存储 + OpenViking 向量引擎 + Ollama bge-m3 + Agent 规则
The skill is a legitimate agent memory management system with no malicious intent, but its documentation does not declare shell execution capabilities and contains a documented curl|bash pattern for Ollama installation.
技能名称dream-memory
分析耗时42.4s
引擎pi
可以安装
Add an explicit 'shell:WRITE' declaration in SKILL.md if the agent is expected to run scripts/memory-check.sh. The curl|bash pattern in ollama-setup.md should be marked as documentation-only, not a runtime execution vector.

安全发现 4 项

严重性 安全发现 位置
中危
Shell execution capability not declared in SKILL.md 文档欺骗
SKILL.md makes no mention of shell execution, yet it references 'scripts/memory-check.sh' as a self-check script that the agent would invoke. The shell:WRITE permission is not declared in the capability model.
自检脚本 → `scripts/memory-check.sh`
→ Add 'shell:WRITE' to the allowed-tools mapping in SKILL.md if the agent is intended to execute shell scripts.
 SKILL.md:54
中危
curl|bash remote script execution documented but undeclared 文档欺骗
The high-risk IOC 'curl -fsSL https://ollama.com/install.sh | sh' appears in references/ollama-setup.md. While it is a legitimate installation command for Ollama, it is not declared as a capability in SKILL.md and could be mistaken for runtime behavior.
curl -fsSL https://ollama.com/install.sh | sh
→ Distinguish between documentation (for human readers) and agent-executable commands. Consider adding a note that this block is for manual setup, not agent invocation.
 references/ollama-setup.md:7
低危
Network access not declared in SKILL.md 文档欺骗
scripts/memory-check.sh performs curl requests to localhost:1933 (OpenViking health check) and SKILL.md makes no declaration of network:READ. This is a minor documentation gap.
curl -s http://127.0.0.1:1933/
→ Add 'network:READ' to the declared capabilities if the agent is expected to check service health via HTTP.
 scripts/memory-check.sh:17
低危
Filesystem read access not explicitly declared 文档欺骗
SKILL.md describes reading MEMORY.md, sessions.json, memory/ directory, and AGENTS.md, but does not declare filesystem:READ. This is a documentation gap for the capability model.
读取 `~/.openclaw/agents/{agent-id}/sessions/sessions.json`
→ Declare filesystem:READ in SKILL.md to match the documented behavior of reading workspace files and session data.
 SKILL.md:28
资源类型声明权限推断权限状态证据
文件系统 NONE READ ✓ 一致 SKILL.md references reading memory files and sessions.json but does not declare …
网络访问 NONE READ ✓ 一致 scripts/memory-check.sh uses curl to localhost:1933 for service health checks; n…
命令执行 NONE WRITE ✗ 越权 SKILL.md references scripts/memory-check.sh and includes shell commands in docum…
1 严重 5 项发现
💀
严重 危险命令 危险 Shell 命令
curl -fsSL https://ollama.com/install.sh | sh
references/ollama-setup.md:7
🔗
中危 外部 URL 外部 URL
https://ollama.com/install.sh
references/ollama-setup.md:7
🔗
中危 外部 URL 外部 URL
http://127.0.0.1:1933/api/v1/resources
references/ollama-setup.md:99
🔗
中危 外部 URL 外部 URL
http://127.0.0.1:1933/api/v1/system/wait
references/ollama-setup.md:100
🔗
中危 外部 URL 外部 URL
http://127.0.0.1:1933/
scripts/memory-check.sh:17

目录结构

3 文件 · 6.4 KB · 212 行
Markdown 2f · 173L Shell 1f · 39L
├─ 📁 references
│ └─ 📝 ollama-setup.md Markdown 109L · 2.7 KB
├─ 📁 scripts
│ └─ 🔧 memory-check.sh Shell 39L · 1.1 KB
└─ 📝 SKILL.md Markdown 64L · 2.5 KB

安全亮点

✓ No evidence of credential theft, key harvesting, or environment variable iteration
✓ No data exfiltration or C2 communication detected
✓ No obfuscated code, base64 payloads, or anti-analysis techniques
✓ No persistence mechanisms (cron, startup hooks, backdoors)
✓ No supply chain risks — no package manager dependencies
✓ All network activity is localhost-only (OpenViking service health checks)
✓ The skill's stated purpose (agent memory management) is internally consistent
✓ scripts/memory-check.sh performs only read-only diagnostics with no data collection