Low Risk — Risk Score 20/100
Last scan: 2 days ago
evermind-ai-everos
Install and configure EverOS for OpenClaw natural-language memory — a context-engine plugin that automatically recalls and saves conversation context via a local EverOS backend.
A legitimate OpenClaw context-engine plugin for persistent natural-language memory via a local EverOS backend, with only minor documentation-level risks and no malicious code.
Skill Name: evermind-ai-everos
Duration: 68.6s
Engine: pi
Safe to install
Approve for use. The curl|sh pattern in documentation is a known-user workflow for backend setup, not hidden execution. The installer shell usage (openclaw restart) is declared. No credential harvesting, no sensitive path access, no exfiltration.

Findings (5 items)

Severity | Finding | Location
Low
curl|sh remote script execution in documentation
Both README.md (line 70) and SKILL.md include 'curl -LsSf https://astral.sh/uv/install.sh | sh' as a backend setup step. While this is in documentation and requires user action, it sets a precedent for accepting pipe-to-shell patterns. The URL itself (astral.sh) is a legitimate package manager, and this command is only executed when users manually set up the backend.
curl -LsSf https://astral.sh/uv/install.sh | sh
→ Replace with a safer alternative such as 'pip install uv' or 'brew install astral-code/uv/uv' to avoid setting a precedent for pipe-to-shell execution.
README.md:70
Low
Shell execution not declared in SKILL.md
bin/install.js uses Node's exec() to run 'openclaw gateway restart' (line 240). SKILL.md documents this as Step 4 but does not declare shell:WRITE capability. Impact is limited to restarting the local gateway.
exec("openclaw gateway restart", (err) => { ... })
→ Add 'shell:WRITE' to the declared capability map in SKILL.md or move the restart to an explicit step that users must approve.
bin/install.js:240
Info
npm install without version pinning
SKILL.md and README.md instruct 'npm install -g @evermind-ai/openclaw-plugin' without a version constraint or --save-dev equivalent. This is standard npm behavior but creates a supply-chain risk if the package is updated unexpectedly.
npm install -g @evermind-ai/openclaw-plugin
→ Pin to a specific version: 'npm install -g @evermind-ai/[email protected]'
SKILL.md:114
Info
HTTP timeout set to 60 seconds
src/http.js sets TIMEOUT_MS = 60000 (60 seconds) for all backend requests. Long timeouts on localhost connections are generally safe but could mask unresponsive backend issues.
export const TIMEOUT_MS = 60000;
→ Consider reducing timeout to 10-15 seconds for responsiveness, with retry logic already present.
src/http.js:42
Info
No sensitive path access observed
The plugin accesses only ~/.openclaw/openclaw.json (a standard OpenClaw config path) and writes to ~/.openclaw/plugins/. No access to ~/.ssh, ~/.aws, .env, or other credential-adjacent paths.
const HOME_DIR = process.env.HOME || process.env.USERPROFILE;
const CONFIG_PATH = path.join(HOME_DIR, ".openclaw", "openclaw.json");
→ No action needed. This is expected plugin behavior.
bin/install.js:15
Resource | Declared | Inferred | Status | Evidence
Filesystem | NONE | WRITE | ✓ Aligned | bin/install.js:129-131 — writes to ~/.openclaw/openclaw.json (documented plugin …
Network | NONE | READ | ✓ Aligned | src/http.js:29-43 — GET/POST to EverOS backend; src/api.js:63-70 — health check;…
Shell | NONE | WRITE | ✓ Aligned | bin/install.js:240 — exec('openclaw gateway restart'). Not declared in SKILL.md …
Environment | NONE | READ | ✓ Aligned | bin/install.js:15 — process.env.HOME used only to derive CONFIG_PATH (~/.opencla…
Skill Invoke | NONE | NONE | | No skill invocation found
Clipboard | NONE | NONE | | No clipboard access found
Browser | NONE | NONE | | No browser access found
Database | NONE | NONE | | No direct database access. All persistence goes through the EverOS REST API (POS…
2 findings (1 Critical)

Critical: Dangerous Command (dangerous shell command)
curl -LsSf https://astral.sh/uv/install.sh | sh
README.md:70

Medium: External URL
https://astral.sh/uv/install.sh
README.md:70

File Tree

17 files · 66.3 KB · 2210 lines
JavaScript: 12 files · 1435 lines; Markdown: 3 files · 680 lines; JSON: 2 files · 95 lines
├─ 📁 bin
│ └─ 📜 install.js JavaScript 370L · 11.1 KB
├─ 📁 src
│ ├─ 📜 api.js JavaScript 81L · 2.9 KB
│ ├─ 📜 config.js JavaScript 14L · 457 B
│ ├─ 📜 convert.js JavaScript 64L · 2.1 KB
│ ├─ 📜 engine.js JavaScript 319L · 10.9 KB
│ ├─ 📜 http.js JavaScript 50L · 1.7 KB
│ ├─ 📜 messages.js JavaScript 47L · 2.0 KB
│ ├─ 📜 prompt.js JavaScript 152L · 5.1 KB
│ ├─ 📜 subagent-assembler.js JavaScript 96L · 2.9 KB
│ ├─ 📜 subagent-tracker.js JavaScript 116L · 2.7 KB
│ └─ 📜 types.js JavaScript 107L · 4.2 KB
├─ 📜 index.js JavaScript 19L · 684 B
├─ 📋 openclaw.plugin.json JSON 50L · 1.5 KB
├─ 📋 package.json JSON 45L · 847 B
├─ 📝 README.md Markdown 175L · 4.4 KB
├─ 📝 README.zh.md Markdown 175L · 4.4 KB
└─ 📝 SKILL.md Markdown 330L · 8.3 KB

Dependencies (2 items)

Package | Version | Source | Known Vulns | Notes
@evermind-ai/openclaw-plugin | ^1.4.0 | npm | No | No dependencies listed in package.json; plugin is self-contained
npx | not pinned | shell | No | SKILL.md uses 'npx --yes --package @evermind-ai/openclaw-plugin' without version constraint

Security Positives

✓ No credential harvesting or environment variable iteration found
✓ No base64-encoded payloads or eval() of remote content
✓ No hardcoded external IP addresses; all network calls default to localhost:1995
✓ No data exfiltration — plugin only POSTs user messages to the locally configured EverOS backend
✓ Plugin modifies only the OpenClaw config file (~/.openclaw/openclaw.json) which is its stated purpose
✓ Config file is backed up before modification (.bak)
✓ Uses SHA-256 for deterministic message ID generation (src/api.js:49)
✓ Tool call blocks are filtered before sending to memory backend, reducing information bloat
✓ In-memory session state with TTL (2 hours) prevents unbounded memory growth
✓ Source code is well-structured with clear module separation