扫描报告
5 /100
agent-memento
Tick-Driven Autonomous Production Factory for LLMs - A framework for long-running agents using Cron/Heartbeats and physical Markdown checklists
Agent Memento is a legitimate tick-driven autonomous agent framework with proper security controls. All capabilities are accurately declared, environment isolation is correctly implemented, and no malicious patterns were found.
可以安装
This skill is safe to use. No security concerns identified.
安全发现 1 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | Unused dependency 供应链 | dashboard/package.json:11 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | WRITE | WRITE | ✓ 一致 | SKILL.md:init_memento.sh creates project scaffolding |
| 命令执行 | WRITE | WRITE | ✓ 一致 | memento_tick.sh invokes openclaw agent via bash subprocess |
| 网络访问 | NONE | NONE | — | Dashboard binds to localhost only (127.0.0.1), no outbound exfiltration |
| 环境变量 | NONE | NONE | — | Both memento_tick.sh and server.js filter env to PATH only, preventing credentia… |
| 技能调用 | WRITE | WRITE | ✓ 一致 | memento_tick.sh spawns openclaw agent subprocess |
| 数据库 | NONE | NONE | — | No database access observed |
| 浏览器 | NONE | NONE | — | Dashboard is web-based monitoring, not browser automation |
| 剪贴板 | NONE | NONE | — | No clipboard access |
9 项发现
中危 外部 URL 外部 URL
https://img.shields.io/badge/OpenClaw-Skill-blue.svg README.md:12 中危 外部 URL 外部 URL
https://img.shields.io/badge/ClawHub-Install-ff69b4.svg README.md:13 中危 外部 URL 外部 URL
https://clawhub.com/yangwenyu2/agent-memento README.md:13 中危 外部 URL 外部 URL
https://img.shields.io/badge/License-MIT-yellow.svg README.md:14 中危 外部 URL 外部 URL
https://opensource.org/licenses/MIT README.md:14 中危 外部 URL 外部 URL
https://paulmillr.com/funding/ dashboard/package-lock.json:427 中危 外部 URL 外部 URL
https://opencollective.com/express dashboard/package-lock.json:528 中危 外部 URL 外部 URL
https://www.patreon.com/feross dashboard/package-lock.json:1857 中危 外部 URL 外部 URL
https://feross.org/support dashboard/package-lock.json:1861 目录结构
19 文件 · 177.1 KB · 4645 行 JSON 3f · 2397L
Markdown 12f · 1264L
HTML 1f · 506L
Shell 2f · 249L
JavaScript 1f · 229L
├─
▾
dashboard
│ ├─
▾
public
│ │ └─
index.html
HTML
│ ├─
package-lock.json
JSON
│ ├─
package.json
JSON
│ ├─
server.js
JavaScript
│ └─
start_daemon.sh
Shell
├─
▾
docs
│ └─
TICK_STATUS.md
Markdown
├─
▾
examples
│ └─
▾
demo-rest-api
│ └─
▾
docs
│ ├─
HUMAN_NOTES.md
Markdown
│ ├─
MASTER_PLAN.md
Markdown
│ ├─
PROJECT_MAP.md
Markdown
│ └─
TICK_STATUS.md
Markdown
├─
▾
projects
│ └─
▾
demo
│ └─
▾
docs
│ ├─
HUMAN_NOTES.md
Markdown
│ ├─
MASTER_PLAN.md
Markdown
│ ├─
PROJECT_MAP.md
Markdown
│ └─
TICK_STATUS.md
Markdown
├─
▾
scripts
│ └─
init_memento.sh
Shell
├─
package.json
JSON
├─
README_zh.md
Markdown
├─
README.md
Markdown
└─
SKILL.md
Markdown
依赖分析 6 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
express | ^4.18.2 | npm | 否 | |
cors | ^2.8.5 | npm | 否 | |
chokidar | ^3.5.3 | npm | 否 | |
ws | ^8.16.0 | npm | 否 | |
minimist | ^1.2.8 | npm | 否 | |
puppeteer | ^24.39.1 | npm | 否 | Declared but unused in code |
安全亮点
✓ Environment isolation: memento_tick.sh uses 'env -i PATH=$PATH' to prevent credential leakage to child processes
✓ Environment isolation: server.js chat endpoint filters env to only PATH when spawning openclaw agent
✓ Localhost binding: Dashboard defaults to 127.0.0.1, preventing remote access
✓ Preview opt-in: File preview is disabled by default and requires explicit --enable-preview flag
✓ No credential access: SKILL.md explicitly states no new keys are requested or stored
✓ Clear documentation: All capabilities and behaviors are accurately documented in SKILL.md
✓ No obfuscation: All shell scripts are human-readable without base64 encoding
✓ Git-based rollback: Failed tasks are automatically rolled back via git checkout
✓ Input sanitization: server.js uses execFile with bash argument array to prevent command injection