Low risk — risk score 10/100
Last scanned: 2 days ago
ClaWiser
Agent memory and workflow enhancement suite with 8 modules: memory-deposit, retrieval-enhance, noise-reduction, hdd, sdd, save-game, load-game, project-skill-pairing
ClaWiser is a legitimate agent memory and workflow enhancement suite with no malicious behavior detected. All scripts perform documented, benign operations: reading session transcripts, merging conversations, and git auto-commit. No credential theft, data exfiltration, reverse shells, or hidden functionality found.
Skill name: ClaWiser
Analysis time: 53.5s
Engine: pi
Safe to install
This skill is safe to use. Monitor the memory/transcripts/ directory growth over time and review the cron task if installed, but no immediate action required.

Security findings: 4

Severity Finding Location
Low
Shell script executes git operations
auto-commit.sh runs git add, git commit, and git status commands. This is necessary for the memory management workflow and is fully documented in SKILL.md.
#!/bin/bash ... git add -- "$file" ... git commit -m "$message"
→ No action needed — this is documented and necessary behavior for the memory Git integration feature.
assets/memory-deposit/scripts/auto-commit.sh:1
Low
Node.js scripts read from OpenClaw session directories
merge-daily-transcript.js and diagnose-noise.js read session JSONL files from ~/.openclaw/agents/main/sessions. This is the primary data source for the memory consolidation feature.
const SESSIONS_DIR = path.join(HOME, '.openclaw', 'agents', 'main', 'sessions')
→ No action needed — reading own session data is expected for memory management.
assets/memory-deposit/scripts/merge-daily-transcript.js:45
Low
SKILL.md installer writes to AGENTS.md and SOUL.md
The main installer appends routing rules and self-description content to the agent's AGENTS.md and SOUL.md files. This is a one-time installation behavior.
Append the following routing rules to the end of the user's AGENTS.md
→ No action needed — installation-time configuration modification is documented and necessary for the skill to function.
SKILL.md:138
Info
Two external URLs in memory-deposit documentation
SKILL.md references dashscope.aliyuncs.com (embedding API) and bailian.console.aliyun.com (key management) as configuration examples. These are legitimate cloud service endpoints, not indicators of data exfiltration.
baseUrl: "https://dashscope.aliyuncs.com/compatible-mode/v1"
→ No action needed — these are user-facing configuration examples for embedding API setup, not automatic network calls made by the skill.
assets/memory-deposit/SKILL.md:153
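| Resource type | Declared permission | Inferred permission | Status | Evidence |
| --- | --- | --- | --- | --- |
| File system | NONE | READ+WRITE | ✓ Consistent | merge-daily-transcript.js reads ~/.openclaw sessions, writes to memory/transcrip… |
| Command execution | NONE | WRITE | ✓ Consistent | auto-commit.sh executes git add/commit; SKILL.md installer runs cp/mkdir/bash co… |
| Network access | NONE | NONE | | External URLs (dashscope.aliyuncs.com) only referenced in config examples, not a… |
| Environment variables | NONE | READ | ✓ Consistent | merge-daily-transcript.js reads OPENCLAW_WORKSPACE, TZ from env — standard confi… |
| Skill invocation | NONE | READ+WRITE | ✓ Consistent | SKILL.md copies skill directories and writes to AGENTS.md/SOUL.md — all document… |
| Clipboard | NONE | NONE | | N/A |
| Browser | NONE | NONE | | N/A |
| Database | NONE | NONE | | N/A |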
2 findings
Medium External URL
https://dashscope.aliyuncs.com/compatible-mode/v1
assets/memory-deposit/SKILL.md:153
Medium External URL
https://bailian.console.aliyun.com/
assets/memory-deposit/SKILL.md:158

Directory structure

18 files · 136.6 KB · 3444 lines
Markdown 14f · 2083L JavaScript 3f · 1297L Shell 1f · 64L
├─ 📁 assets
│ ├─ 📁 hdd
│ │ └─ 📝 SKILL.md Markdown 365L · 15.1 KB
│ ├─ 📁 load-game
│ │ └─ 📝 SKILL.md Markdown 129L · 3.9 KB
│ ├─ 📁 memory-deposit
│ │ ├─ 📁 references
│ │ │ └─ 📝 memory-rules.md Markdown 25L · 737 B
│ │ ├─ 📁 scripts
│ │ │ ├─ 🔧 auto-commit.sh Shell 64L · 2.0 KB
│ │ │ └─ 📜 merge-daily-transcript.js JavaScript 499L · 19.0 KB
│ │ └─ 📝 SKILL.md Markdown 191L · 6.9 KB
│ ├─ 📁 noise-reduction
│ │ ├─ 📁 references
│ │ │ ├─ 📝 common-failures.md Markdown 101L · 5.7 KB
│ │ │ ├─ 📝 example-classifier.md Markdown 77L · 3.0 KB
│ │ │ └─ 📝 noise-categories.md Markdown 50L · 2.7 KB
│ │ ├─ 📁 scripts
│ │ │ ├─ 📜 diagnose-noise.js JavaScript 411L · 16.2 KB
│ │ │ └─ 📜 validate-noise-reduction.js JavaScript 387L · 14.4 KB
│ │ └─ 📝 SKILL.md Markdown 231L · 10.7 KB
│ ├─ 📁 project-skill-pairing
│ │ └─ 📝 SKILL.md Markdown 152L · 4.6 KB
│ ├─ 📁 retrieval-enhance
│ │ └─ 📝 SKILL.md Markdown 185L · 6.5 KB
│ ├─ 📁 save-game
│ │ └─ 📝 SKILL.md Markdown 134L · 4.6 KB
│ └─ 📁 sdd
│   └─ 📝 SKILL.md Markdown 111L · 5.5 KB
├─ 📝 README.md Markdown 88L · 3.2 KB
└─ 📝 SKILL.md Markdown 244L · 11.9 KB

Security highlights

✓ No credential harvesting — scripts read session data but do not access SSH keys, AWS credentials, .env files, or API keys
✓ No data exfiltration — all data processing is local (read sessions, merge/transcribe, write to memory/)
✓ No base64-encoded payloads or obfuscated code anywhere in the codebase
✓ No reverse shells, C2 infrastructure, or direct IP network requests
✓ No curl|bash or wget|sh remote script execution patterns
✓ No hidden functionality — all capabilities (git auto-commit, transcript merging, noise filtering) are clearly documented
✓ Scripts use only standard Node.js modules (fs, path, os) with no external dependencies or package.json
✓ No eval(), Function(), or dynamic code execution
✓ Script paths are hardcoded to OpenClaw standard locations, not arbitrary system paths
✓ No attempt to access sensitive directories like ~/.ssh, ~/.aws, or /etc/