agent-memento Security Report — Trusted | ClawSafe

5 /100

agent-memento

Tick-Driven Autonomous Production Factory for LLMs - A framework for long-running agents using Cron/Heartbeats and physical Markdown checklists

Agent Memento is a legitimate tick-driven autonomous agent framework with proper security controls. All capabilities are accurately declared, environment isolation is correctly implemented, and no malicious patterns were found.

Skill Nameagent-memento

Duration52.1s

Enginepi

✓

Safe to install

This skill is safe to use. No security concerns identified.

Findings 1 items

Severity	Finding	Location
Low	Unused dependency Supply Chain Puppeteer is listed as a dependency in dashboard/package.json but is not imported or used in server.js. This adds unnecessary attack surface. `"puppeteer": "^24.39.1"` → Remove puppeteer from dependencies if unused, or document its intended purpose	`dashboard/package.json:11`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`WRITE`	`WRITE`	✓ Aligned	SKILL.md:init_memento.sh creates project scaffolding
Shell	`WRITE`	`WRITE`	✓ Aligned	memento_tick.sh invokes openclaw agent via bash subprocess
Network	`NONE`	`NONE`	—	Dashboard binds to localhost only (127.0.0.1), no outbound exfiltration
Environment	`NONE`	`NONE`	—	Both memento_tick.sh and server.js filter env to PATH only, preventing credentia…
Skill Invoke	`WRITE`	`WRITE`	✓ Aligned	memento_tick.sh spawns openclaw agent subprocess
Database	`NONE`	`NONE`	—	No database access observed
Browser	`NONE`	`NONE`	—	Dashboard is web-based monitoring, not browser automation
Clipboard	`NONE`	`NONE`	—	No clipboard access

9 findings

🔗

Medium External URL 外部 URL

https://img.shields.io/badge/OpenClaw-Skill-blue.svg

README.md:12

🔗

Medium External URL 外部 URL

https://img.shields.io/badge/ClawHub-Install-ff69b4.svg

README.md:13

🔗

Medium External URL 外部 URL

https://clawhub.com/yangwenyu2/agent-memento

README.md:13

🔗

Medium External URL 外部 URL

https://img.shields.io/badge/License-MIT-yellow.svg

README.md:14

🔗

Medium External URL 外部 URL

https://opensource.org/licenses/MIT

README.md:14

🔗

Medium External URL 外部 URL

https://paulmillr.com/funding/

dashboard/package-lock.json:427

🔗

Medium External URL 外部 URL

https://opencollective.com/express

dashboard/package-lock.json:528

🔗

Medium External URL 外部 URL

https://www.patreon.com/feross

dashboard/package-lock.json:1857

🔗

Medium External URL 外部 URL

https://feross.org/support

dashboard/package-lock.json:1861

File Tree

19 files · 177.1 KB · 4645 lines

JSON 3f · 2397L Markdown 12f · 1264L HTML 1f · 506L Shell 2f · 249L JavaScript 1f · 229L

├─ ▾ 📁 dashboard

│ ├─ ▾ 📁 public

│ │ └─ 📄 index.html HTML 506L · 19.9 KB

│ ├─ 📋 package-lock.json JSON 2354L · 82.4 KB

│ ├─ 📋 package.json JSON 17L · 371 B

│ ├─ 📜 server.js JavaScript 229L · 9.1 KB

│ └─ 🔧 start_daemon.sh Shell 13L · 397 B

├─ ▾ 📁 docs

│ └─ 📝 TICK_STATUS.md Markdown 1L · 49 B

├─ ▾ 📁 examples

│ └─ ▾ 📁 demo-rest-api

│ └─ ▾ 📁 docs

│ ├─ 📝 HUMAN_NOTES.md Markdown 0 B

│ ├─ 📝 MASTER_PLAN.md Markdown 29L · 1.2 KB

│ ├─ 📝 PROJECT_MAP.md Markdown 4L · 106 B

│ └─ 📝 TICK_STATUS.md Markdown 44L · 1.8 KB

├─ ▾ 📁 projects

│ └─ ▾ 📁 demo

│ └─ ▾ 📁 docs

│ ├─ 📝 HUMAN_NOTES.md Markdown 0 B

│ ├─ 📝 MASTER_PLAN.md Markdown 1L · 30 B

│ ├─ 📝 PROJECT_MAP.md Markdown 0 B

│ └─ 📝 TICK_STATUS.md Markdown 0 B

├─ ▾ 📁 scripts

│ └─ 🔧 init_memento.sh Shell 236L · 9.9 KB

├─ 📋 package.json JSON 26L · 454 B

├─ 📝 README_zh.md Markdown 95L · 5.7 KB

├─ 📝 README.md Markdown 107L · 5.7 KB

└─ 📝 SKILL.md Markdown 983L · 40.2 KB

Dependencies 6 items

Package	Version	Source	Known Vulns	Notes
`express`	`^4.18.2`	npm	No
`cors`	`^2.8.5`	npm	No
`chokidar`	`^3.5.3`	npm	No
`ws`	`^8.16.0`	npm	No
`minimist`	`^1.2.8`	npm	No
`puppeteer`	`^24.39.1`	npm	No	Declared but unused in code

Security Positives

✓ Environment isolation: memento_tick.sh uses 'env -i PATH=$PATH' to prevent credential leakage to child processes

✓ Environment isolation: server.js chat endpoint filters env to only PATH when spawning openclaw agent

✓ Localhost binding: Dashboard defaults to 127.0.0.1, preventing remote access

✓ Preview opt-in: File preview is disabled by default and requires explicit --enable-preview flag

✓ No credential access: SKILL.md explicitly states no new keys are requested or stored

✓ Clear documentation: All capabilities and behaviors are accurately documented in SKILL.md

✓ No obfuscation: All shell scripts are human-readable without base64 encoding

✓ Git-based rollback: Failed tasks are automatically rolled back via git checkout

✓ Input sanitization: server.js uses execFile with bash argument array to prevent command injection

Scan Report

Findings 1 items

File Tree

Dependencies 6 items

Security Positives