hui-yi 安全扫描报告 — 可信 | ClawSafe

0 /100

hui-yi

Manage a file-based cold-memory archive under memory/cold/

This is a straightforward file-based note management skill with no malicious behavior detected. All scripts operate exclusively on the declared memory/cold/ directory using only Python standard library.

技能名称hui-yi

分析耗时28.5s

引擎pi

✓

可以安装

This skill is safe to use. No action required.

资源类型	声明权限	推断权限	状态	证据
文件系统	`READ`	`READ`	✓ 一致	All scripts (cool.py, decay.py, rebuild.py, search.py) only read/write to memory…
文件系统	`WRITE`	`WRITE`	✓ 一致	rebuild.py writes index.md, tags.json; decay.py modifies note confidence; cool.p…
网络访问	`NONE`	`NONE`	—	No socket, urllib, requests, or HTTP client imports in any script
命令执行	`NONE`	`NONE`	—	No subprocess, os.system, os.popen, or shell execution found
环境变量	`NONE`	`NONE`	—	No os.environ iteration or credential key access
技能调用	`NONE`	`NONE`	—	No skill invocation mechanism present
剪贴板	`NONE`	`NONE`	—	No clipboard access code found
浏览器	`NONE`	`NONE`	—	No browser automation or web requests
数据库	`NONE`	`NONE`	—	No database connectivity code found

目录结构

13 文件 · 53.3 KB · 1617 行

Markdown 7f · 1068L Python 4f · 523L YAML 1f · 21L JSON 1f · 5L

├─ ▾ 📁 references

│ ├─ 📝 cold-memory-schema.md Markdown 167L · 5.3 KB

│ ├─ 📝 examples.md Markdown 212L · 6.0 KB

│ └─ 📝 heartbeat-cooling-playbook.md Markdown 85L · 3.9 KB

├─ ▾ 📁 scripts

│ ├─ 🐍 cool.py Python 147L · 4.6 KB

│ ├─ 🐍 decay.py Python 100L · 3.0 KB

│ ├─ 🐍 rebuild.py Python 187L · 6.5 KB

│ └─ 🐍 search.py Python 89L · 2.8 KB

├─ 📝 CHANGELOG.md Markdown 69L · 2.6 KB

├─ 📋 clawhub.json JSON 5L · 125 B

├─ 📝 MANIFEST_NOTES.md Markdown 37L · 1.2 KB

├─ 📋 manifest.yaml YAML 21L · 800 B

├─ 📝 README.md Markdown 299L · 6.6 KB

└─ 📝 SKILL.md Markdown 199L · 9.9 KB

安全亮点

✓ Uses only Python standard library (argparse, json, pathlib, datetime, re, shutil, sys) - no external dependencies

✓ All scripts use safe pathlib operations for file I/O

✓ Proper error handling with try/except blocks throughout

✓ Path resolution validates inputs and handles edge cases gracefully

✓ Scripts create backups (.bak) before overwriting files (rebuild.py)

✓ Documentation accurately describes all script functionality

✓ Skill explicitly warns against storing secrets/API keys in cold memory

✓ No obfuscation techniques (base64, eval, exec) used

✓ No network requests or data exfiltration indicators

✓ Scope is limited to a single directory tree (memory/cold/)