enterprise-memory Security Report — Low Risk | ClawSafe

20 /100

enterprise-memory

EAM规范企业级Agent记忆体系Skill，提供项目级隔离、状态同步、快照压缩及SOP流程管理能力

Legitimate EAM project management skill with well-structured SOP workflows. Minor documentation gap regarding network access for web fetching capability.

Skill Nameenterprise-memory

Duration40.0s

Enginepi

✓

Safe to install

Consider adding explicit network:READ capability declaration in SKILL.md for the jina.ai web fetching feature. The optional LLM compression warning is appropriate.

Findings 2 items

Severity	Finding	Location
Low	Network capability not mapped in capability model Doc Mismatch The skill documents jina.ai web fetching capability using curl, but does not include network:READ in the allowed-tools mapping. This is a documentation gap rather than hidden functionality. `curl -s "https://r.jina.ai/[URL]"` → Add network:READ to capability model if web fetching is part of the skill's core functionality	`SKILL.md:327`
Info	Subprocess calls between scripts RCE Scripts call each other via subprocess.run() for state synchronization. This is legitimate internal coordination and documented. `subprocess.run([sys.executable, str(update_script), '--project-dir', ...])` → No action needed - this is expected behavior for script orchestration	`scripts/sop_state.py:90`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`READ,WRITE`	`READ,WRITE`	✓ Aligned	SKILL.md:89-100 defines ~/.openclaw/EAM-projects/ storage
Shell	`WRITE`	`WRITE`	✓ Aligned	subprocess.run() calls between scripts for internal coordination
Network	`NONE`	`READ`	✓ Aligned	curl to jina.ai in SKILL.md:327-365 but not in capability mapping

3 findings

🔗

Medium External URL 外部 URL

https://clawhub.ai/evan-zhang/enterprise-memory

SKILL.md:18

🔗

Medium External URL 外部 URL

https://r.jina.ai/[URL

SKILL.md:327

🔗

Medium External URL 外部 URL

https://r.jina.ai/https://toutiao.com/article/12345

SKILL.md:363

File Tree

26 files · 117.9 KB · 3770 lines

Python 8f · 2427L Markdown 16f · 1310L JSON 2f · 33L

├─ ▾ 📁 references

│ ├─ ▾ 📁 shared

│ │ ├─ 📝 confirm-protocol.md Markdown 38L · 1.4 KB

│ │ ├─ 📝 state-machine.md Markdown 55L · 1.5 KB

│ │ └─ 📝 upgrade-rules.md Markdown 53L · 1.5 KB

│ ├─ ▾ 📁 templates

│ │ ├─ ▾ 📁 full

│ │ │ ├─ 📝 ARTIFACTS-template.md Markdown 33L · 710 B

│ │ │ ├─ 📝 DECISIONS-template.md Markdown 27L · 735 B

│ │ │ └─ 📝 PLAN-template.md Markdown 40L · 751 B

│ │ ├─ ▾ 📁 lite

│ │ │ ├─ 📝 HANDOVER-template.md Markdown 45L · 768 B

│ │ │ ├─ 📝 LOG-template.md Markdown 37L · 780 B

│ │ │ ├─ 📝 RESULT-template.md Markdown 54L · 912 B

│ │ │ └─ 📝 TASK-template.md Markdown 52L · 821 B

│ │ ├─ 📝 DECISIONS.md Markdown 9L · 173 B

│ │ ├─ 📝 INDEX.md Markdown 31L · 451 B

│ │ └─ 📋 state.json JSON 28L · 593 B

│ ├─ 📝 sop-full-guide.md Markdown 107L · 3.4 KB

│ └─ 📝 sop-lite-guide.md Markdown 91L · 2.8 KB

├─ ▾ 📁 scripts

│ ├─ 🐍 __init__.py Python 2L · 63 B

│ ├─ 🐍 compress.py Python 429L · 14.3 KB

│ ├─ 🐍 sop_handover.py Python 248L · 8.1 KB

│ ├─ 🐍 sop_init.py Python 283L · 9.7 KB

│ ├─ 🐍 sop_state.py Python 286L · 11.5 KB

│ ├─ 🐍 sop_upgrade.py Python 393L · 14.0 KB

│ ├─ 🐍 switch_project.py Python 489L · 17.3 KB

│ └─ 🐍 update_index.py Python 297L · 8.8 KB

├─ 📋 _meta.json JSON 5L · 136 B

├─ 📝 CHARTER.md Markdown 230L · 4.6 KB

└─ 📝 SKILL.md Markdown 408L · 12.2 KB

Security Positives

✓ All file operations use atomic writes (temp file → rename pattern)

✓ Proper security warning in SKILL.md for optional LLM compression feature

✓ No credential theft or sensitive file access (~/.ssh, ~/.aws, .env)

✓ No obfuscation or base64-encoded payloads

✓ No external dependencies beyond Python standard library

✓ Well-structured state management with schema validation

✓ Dry-run support for all destructive operations

✓ High-risk operations require explicit --confirm flag

Scan Report

Findings 2 items

File Tree

Security Positives