Memory Pruner 安全扫描报告 — 可疑 | ClawSafe

35 /100

Memory Pruner

Intelligent memory management for agents. Keep only what matters, prune the rest.

The skill declares shell runtime and references a memory-pruner script that does not exist, constituting a documentation mismatch with no functional code present.

技能名称Memory Pruner

分析耗时26.2s

引擎pi

⚠

谨慎使用

Do not use this skill until the actual implementation scripts are provided and reviewed. The mismatch between declared runtime and missing code is a red flag.

安全发现 2 项

严重性	安全发现	位置
中危	Referenced implementation files are missing 文档欺骗 SKILL.md references 'memory-pruner' as the main CLI script and 'memory/' as the working directory, but these files do not exist in the package. The pre-scan confirms hasScripts: false. `Files: memory-pruner — Main CLI script, memory/ — Working directory` → Do not trust this skill. Request actual implementation code before any evaluation.	`SKILL.md:58`
低危	Entry point declared but not present 文档欺骗 config.json specifies 'entry': 'memory-pruner' with runtime: 'shell', indicating a shell script entry point that is absent from the package. `"entry": "memory-pruner", "runtime": "shell"` → Verify the package contents match the declared structure before use.	`config.json:12`

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`WRITE`	✓ 一致	config.json declares runtime: shell but no scripts exist to verify
命令执行	`WRITE`	`UNKNOWN`	✓ 一致	config.json declares runtime: shell but memory-pruner script is missing

目录结构

2 文件 · 2.3 KB · 86 行

Markdown 1f · 73L JSON 1f · 13L

├─ 🔑 config.json ⚠ JSON 13L · 389 B

└─ 📝 SKILL.md Markdown 73L · 1.9 KB

安全亮点

✓ No malicious code present in the package

✓ No obfuscation, base64-encoded strings, or anti-analysis patterns detected

✓ No credential harvesting or environment variable access attempted

✓ No network requests or external IP communications

✓ No suspicious IOCs (indicators of compromise) in the pre-scan