Low Risk — Risk Score 28/100
Last scan: 21 hr ago
memory-orchestrator
Full-stack intelligent memory system - AI agent semantic memory with emotion tagging, knowledge graphs, and self-evolution
A legitimate memory orchestration system with moderate security concerns: undeclared shell execution, supply chain risks from unpinned dependencies, and a documentation mismatch for the clipboard capability.
Skill Name: memory-orchestrator
Duration: 68.5s
Engine: pi
Safe to install
Review and approve with conditions: pin all dependency versions, declare shell execution in documentation, and remove clipboard from capability map since it's not implemented.

Findings 5 items

Severity: Medium
Finding: Unpinned dependency versions (Supply Chain)
Location: requirements.txt:3
requirements.txt uses version ranges (>=) instead of pinned versions (==), enabling dependency confusion and unexpected behavior
    faiss-cpu>=1.7.4
    sentence-transformers>=2.2.2
→ Pin all dependencies to specific versions to ensure reproducible builds and prevent supply chain attacks

Severity: Medium
Finding: Direct git repository installation (Supply Chain)
Location: requirements.txt:9
clip package is installed directly from GitHub URL, executing remote code during installation
    clip @ git+https://github.com/openai/CLIP.git
→ Use a released version from PyPI or pin to a specific git commit hash

Severity: Low
Finding: System service manipulation via sudo (Priv Escalation)
Location: install.sh:51
install.sh uses sudo to enable and start syncthing@claw systemd service
    sudo systemctl enable syncthing@claw
    sudo systemctl start syncthing@claw
→ Ensure this is intentional for the skill's functionality and declare in documentation

Severity: Low
Finding: Cron job installation without explicit consent (Persistence)
Location: install.sh:68
install.sh silently adds a cron job to run auto-commit-memory.sh every 30 minutes
    (crontab -l 2>/dev/null; echo "*/30 * * * * $SKILL_DIR/scripts/auto-commit-memory.sh") | crontab -
→ Make cron setup optional with --enable-cron flag or document clearly

Severity: Low
Finding: Capability declared but not implemented (Doc Mismatch)
Location: SKILL.md:1
SKILL.md capability map lists clipboard:READ but no code accesses clipboard functionality
    Clipboard (clipboard) - Access: READ
→ Remove clipboard from capability map or implement if intended

| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | WRITE | ✓ Aligned | build_memory_index.py: Writes FAISS indexes and JSON metadata to $WORKSPACE/inde… |
| Network | READ | READ | ✓ Aligned | multimodal_processor.py: Downloads CLIP/Whisper models from HuggingFace |
| Shell | NONE | WRITE | ✗ Violation | install.sh:51 uses sudo systemctl; self_evolution_engine.py:200 subprocess.run f… |
| Environment | NONE | READ | ✗ Violation | Scripts read Path.home() and workspace paths from environment |
| Clipboard | READ | NONE | ✗ Violation | SKILL.md lists clipboard:READ but no code references clipboard access |
| Skill Invoke | NONE | READ | ✓ Aligned | Workflows reference other skills (memory-watchdog, agent-browser) |

5 findings
Medium External URL
https://img.shields.io/badge/Clawhub-memory--orchestrator-blue
README.md:5

Medium External URL
https://clawhub.com/skills/memory-orchestrator
README.md:5

Medium External URL
https://img.shields.io/badge/version-1.0.0-green
README.md:6

Medium External URL
https://img.shields.io/badge/license-MIT-yellow
README.md:7

Medium External URL
https://ollama.ai
install.sh:31

File Tree

17 files · 147.6 KB · 4677 lines
Python 7f · 3014L YAML 4f · 1151L Markdown 2f · 282L Shell 3f · 206L Text 1f · 24L
├─ 📁 scripts
│ ├─ 🔧 auto-commit-memory.sh Shell 43L · 1.1 KB
│ ├─ 🐍 build_memory_index.py Python 127L · 3.9 KB
│ ├─ 🐍 conflict_detector.py Python 372L · 14.4 KB
│ ├─ 🐍 emotion_tagger.py Python 673L · 21.7 KB
│ ├─ 🐍 knowledge_graph_builder.py Python 341L · 12.4 KB
│ ├─ 🐍 multimodal_processor.py Python 730L · 22.5 KB
│ ├─ 🐍 search_memory.py Python 95L · 2.8 KB
│ └─ 🐍 self_evolution_engine.py Python 676L · 22.8 KB
├─ 📁 workflows
│ ├─ 📋 memory-activerecommend.yaml YAML 644L · 17.6 KB
│ ├─ 📋 memory-knowledgegraph.yaml YAML 137L · 4.5 KB
│ ├─ 📋 memory-multimodal.yaml YAML 230L · 6.8 KB
│ └─ 📋 memory-sync.yaml YAML 140L · 4.2 KB
├─ 🔧 install.sh Shell 107L · 3.5 KB
├─ 📝 README.md Markdown 88L · 2.0 KB
├─ 📄 requirements.txt Text 24L · 363 B
├─ 🔧 run.sh Shell 56L · 1.4 KB
└─ 📝 SKILL.md Markdown 194L · 5.6 KB

Dependencies 7 items

| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| faiss-cpu | >=1.7.4 | pip | No | Version not pinned |
| sentence-transformers | >=2.2.2 | pip | No | Version not pinned |
| torch | >=2.0.0 | pip | No | Version not pinned |
| clip | git+https://github.com/openai/CLIP.git | git | No | Direct git installation - supply chain risk |
| whisper | >=1.1.10 | pip | No | Version not pinned |
| networkx | >=3.1 | pip | No | Version not pinned |
| transformers | >=4.30.0 | pip | No | Version not pinned |

Security Positives

✓ No credential harvesting or API key theft detected
✓ No data exfiltration to external servers
✓ No base64-encoded or obfuscated code
✓ No reverse shell or C2 communication patterns
✓ subprocess calls only legitimate CLI tools (ollama, git, systemctl)
✓ Memory data stored locally in user's workspace
✓ git-crypt encryption for sensitive files is appropriate
✓ No hidden HTML comments or prompt injection attempts