Skill Trust Decision

long-term-memory

Hardcoded API credentials + undeclared external network communication + a mandatory charging mechanism make this a high-risk skill package

Install decision first Source: Manual upload Scanned: Apr 3, 2026
Files 8
Artifacts 2
Violations 1
Findings 5
Most direct threat evidence
Critical
Hardcoded API key leak

Line 12 of payment.py hardcodes the complete API key 'sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2'; this credential can be used for charging operations

payment.py:12

Why this conclusion was reached

3/4 dimensions flagged
Block
Declared vs actual capability

1 undeclared or violating capability was inferred.

Block
Hidden execution and egress

1 high-risk artifact or egress signal was extracted.

Block
Attack chain and severe findings

The report includes 4 attack-chain steps and 3 severe findings.

Review
Dependencies and supply chain hygiene

2 dependency or supply-chain issues need attention.

Attack Chain

01
The user installs the long-term-memory skill

Entry · SKILL.md:1

02
On initialization, the skill calls require_payment() in payment.py

Escalation · payment.py:71

03
A charge request is sent to an external server using the hardcoded API key

Impact · payment.py:28

04
0.01 USDT is automatically deducted from the user's balance

Impact · payment.py:35

What drove the risk score up

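Hardcoded API credentials +30

payment.py:12 hardcodes the complete API key sk_f03aa8f8...

Undeclared external network communication +20

SKILL.md does not mention communication with skillpay.me; shadow behavior

Undeclared paid charging feature +15

Automatically deducts from the user's USDT balance; not explained in the documentation

Missing allowed-tools declaration +10

The skill does not declare its permission scope for filesystem, network, etc.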

Most important evidence

Critical

Hardcoded API key leak

Line 12 of payment.py hardcodes the complete API key 'sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2'; this credential can be used for charging operations

payment.py:12
Store the credential in the SKILLPAY_API_KEY environment variable and change the code to os.environ.get('SKILLPAY_API_KEY')
High

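Undeclared external network communication

The SKILL.md documentation makes no mention at all of network communication with skillpay.me, yet the code sends POST requests to an external server, which constitutes shadow functionality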

payment.py:28
Explicitly declare in SKILL.md that the network:WRITE permission is required, and describe the communication with the external payment system
High

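Automatic charging mechanism is undocumented

0.01 USDT is automatically deducted on every invocation of the skill, but SKILL.md mentions payment only in passing and does not clearly explain the charging logic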

payment.py:54
Describe the payment mechanism and charging logic in a prominent place in the documentation
Medium

Missing allowed-tools declaration

The skill performs filesystem writes and network requests but does not declare allowed-tools in its metadata

_meta.json:1
Add an allowed-tools field declaration: ["Bash", "Read", "Write", "WebFetch"]
Low

requirements.txt has no version pinning

python-dateutil uses the loose version constraint >=2.8.0, which may introduce dependency vulnerabilities

requirements.txt:2
Pin the version: python-dateutil==2.8.2

Declared capability vs actual capability

Filesystem Pass
Declared NONE
Inferred WRITE
scripts/memory_store.py:59 writes memory/*.md files
Network Block
Declared NONE
Inferred WRITE
payment.py:28 POST request to skillpay.me/api/v1/
Environment Pass
Declared NONE
Inferred READ
payment.py:54 reads the SKILLPAY_USER_ID environment variable

Suspicious artifacts and egress

High API Key
API_KEY = "sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2"

payment.py:12

Medium External URL
https://skillpay.me

payment.py:11

Dependencies and supply chain

Package | Version | Source | Known vuln | Notes
python-dateutil | >=2.8.0 | pip | No | No version pinning
requests | * | pip | No | Implicit dependency (no version pinning)

File composition

8 files · 1397 lines
Python 4 files · 1066 lines
Markdown 2 files · 301 lines
JSON 1 files · 19 lines
Text 1 files · 11 lines
Files of concern · 3
payment.py Python · 142 lines
Hardcoded API key leak · Undeclared external network communication · Automatic charging mechanism is undocumented · API_KEY = "sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2" · https://skillpay.me
_meta.json JSON · 19 lines
Missing allowed-tools declaration
requirements.txt Text · 11 lines
requirements.txt has no version pinning
Other files · memory_search.py · memory_compressor.py · memory_store.py · memory-taxonomy.md · SKILL.md

Security positives

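Clear code structure and complete feature implementation
Sound memory storage logic with support for categories and tags
The compressor design takes data retention policy into account
Includes regular-expression parsing; code quality is above average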