memory-hybrid-stack 安全扫描报告 — 低风险 | ClawSafe

15 /100

memory-hybrid-stack

Hybrid memory stack management skill for Postgres, Redis, and Qdrant databases

This is a legitimate memory stack management skill with straightforward database wrapper scripts that connect only to localhost. No malicious patterns detected, though SQL/command injection is theoretically possible if users provide unsanitized input.

技能名称memory-hybrid-stack

分析耗时38.9s

引擎pi

✓

可以安装

The skill is safe for use but should not be granted arbitrary SQL execution capabilities. Validate and sanitize any user-provided SQL/Redis commands before passing to scripts.

安全发现 3 项

严重性	安全发现	位置
低危	Potential SQL injection via facts_sql.sh 代码执行 The script passes all arguments directly to psql without sanitization. If the AI agent can control the SQL string, malicious queries could be executed. `SQL="$*" printf '%s\n' "$SQL" \| "${PSQL[@]}"` → Consider implementing query validation or using parameterized queries if possible.	`scripts/facts_sql.sh:29`
低危	Potential command injection via state_kv.sh 代码执行 Redis keys and values are passed directly to redis-cli without escaping. Malicious key names could potentially cause issues. `"${CLI[@]}" GET "$key"` → Validate key names before passing to redis-cli.	`scripts/state_kv.sh:55`
低危	Redis password visible in process arguments 凭证窃取 When a Redis password is configured, it is passed via -a flag to redis-cli, making it visible in process listings. `CLI+=(-a "$REDIS_PASSWORD")` → Use REDISCLI_AUTH environment variable instead for better security.	`scripts/state_kv.sh:27`

资源类型	声明权限	推断权限	状态	证据
文件系统	`READ`	`READ`	✓ 一致	Scripts read .env file via source; file paths are controlled and documented
网络访问	`READ`	`READ`	✓ 一致	All scripts connect only to localhost (Postgres, Redis, Qdrant)
命令执行	`WRITE`	`WRITE`	✓ 一致	SKILL.md declares shell execution for running database scripts
环境变量	`READ`	`READ`	✓ 一致	Scripts source .env file; credentials stay local
技能调用	`NONE`	`NONE`	—	No cross-skill invocation detected
剪贴板	`NONE`	`NONE`	—	No clipboard access
浏览器	`NONE`	`NONE`	—	No browser access
数据库	`WRITE`	`WRITE`	✓ 一致	SQL, Redis, and Qdrant operations documented and scoped to localhost

目录结构

5 文件 · 10.7 KB · 349 行

Markdown 2f · 206L Shell 3f · 143L

├─ ▾ 📁 references

│ └─ 📝 connection-map.md Markdown 71L · 1.9 KB

├─ ▾ 📁 scripts

│ ├─ 🔧 facts_sql.sh Shell 34L · 837 B

│ ├─ 🔧 qdrant_request.sh Shell 44L · 1017 B

│ └─ 🔧 state_kv.sh Shell 65L · 1.2 KB

└─ 📝 SKILL.md Markdown 135L · 5.8 KB

安全亮点

✓ All network connections are localhost-only (no external IP communication)

✓ No base64 encoding or obfuscation detected

✓ No credential exfiltration or data theft patterns

✓ No reverse shell or C2 communication

✓ Documentation accurately describes the scripts' behavior

✓ Scripts use set -euo pipefail for safe bash practices

✓ Credentials are only used locally for database authentication