中文 EN

扫描报告

扫描新文件

低风险 — 风险评分 20/100
上次扫描:2 天前 重新扫描
20 /100
evermind-ai-everos
Install and configure EverOS for OpenClaw natural-language memory — a context-engine plugin that automatically recalls and saves conversation context via a local EverOS backend.
A legitimate OpenClaw context-engine plugin for persistent natural-language memory via a local EverOS backend, with only minor documentation-level risks and no malicious code.
技能名称evermind-ai-everos
分析耗时68.6s
引擎pi
可以安装
Approve for use. The curl|sh pattern in documentation is a known-user workflow for backend setup, not hidden execution. The installer shell usage (openclaw restart) is declared. No credential harvesting, no sensitive path access, no exfiltration.

安全发现 5 项

严重性 安全发现 位置
低危
curl|sh remote script execution in documentation
Both README.md (line 70) and SKILL.md include 'curl -LsSf https://astral.sh/uv/install.sh | sh' as a backend setup step. While this is in documentation and requires user action, it sets a precedent for accepting pipe-to-shell patterns. The URL itself (astral.sh) is a legitimate package manager, and this command is only executed when users manually set up the backend.
curl -LsSf https://astral.sh/uv/install.sh | sh
→ Replace with a safer alternative such as 'pip install uv' or 'brew install astral-code/uv/uv' to avoid setting a precedent for pipe-to-shell execution.
 README.md:70
低危
Shell execution not declared in SKILL.md
bin/install.js uses Node's exec() to run 'openclaw gateway restart' (line 240). SKILL.md documents this as Step 4 but does not declare shell:WRITE capability. Impact is limited to restarting the local gateway.
exec("openclaw gateway restart", (err) => { ... })
→ Add 'shell:WRITE' to the declared capability map in SKILL.md or move the restart to an explicit step that users must approve.
 bin/install.js:240
提示
npm install without version pinning
SKILL.md and README.md instruct 'npm install -g @evermind-ai/openclaw-plugin' without a version constraint or --save-dev equivalent. This is standard npm behavior but creates a supply-chain risk if the package is updated unexpectedly.
npm install -g @evermind-ai/openclaw-plugin
→ Pin to a specific version: 'npm install -g @evermind-ai/[email protected]'
 SKILL.md:114
提示
HTTP timeout set to 60 seconds
src/http.js sets TIMEOUT_MS = 60000 (60 seconds) for all backend requests. Long timeouts on localhost connections are generally safe but could mask unresponsive backend issues.
export const TIMEOUT_MS = 60000;
→ Consider reducing timeout to 10-15 seconds for responsiveness, with retry logic already present.
 src/http.js:42
提示
No sensitive path access observed
The plugin accesses only ~/.openclaw/openclaw.json (a standard OpenClaw config path) and writes to ~/.openclaw/plugins/. No access to ~/.ssh, ~/.aws, .env, or other credential-adjacent paths.
const HOME_DIR = process.env.HOME || process.env.USERPROFILE; const CONFIG_PATH = path.join(HOME_DIR, ".openclaw", "openclaw.json");
→ No action needed. This is expected plugin behavior.
 bin/install.js:15
资源类型声明权限推断权限状态证据
文件系统 NONE WRITE ✓ 一致 bin/install.js:129-131 — writes to ~/.openclaw/openclaw.json (documented plugin …
网络访问 NONE READ ✓ 一致 src/http.js:29-43 — GET/POST to EverOS backend; src/api.js:63-70 — health check;…
命令执行 NONE WRITE ✓ 一致 bin/install.js:240 — exec('openclaw gateway restart'). Not declared in SKILL.md …
环境变量 NONE READ ✓ 一致 bin/install.js:15 — process.env.HOME used only to derive CONFIG_PATH (~/.opencla…
技能调用 NONE NONE No skill invocation found
剪贴板 NONE NONE No clipboard access found
浏览器 NONE NONE No browser access found
数据库 NONE NONE No direct database access. All persistence goes through the EverOS REST API (POS…
1 严重 2 项发现
💀
严重 危险命令 危险 Shell 命令
curl -LsSf https://astral.sh/uv/install.sh | sh
README.md:70
🔗
中危 外部 URL 外部 URL
https://astral.sh/uv/install.sh
README.md:70

目录结构

17 文件 · 66.3 KB · 2210 行
JavaScript 12f · 1435L Markdown 3f · 680L JSON 2f · 95L
├─ 📁 bin
│ └─ 📜 install.js JavaScript 370L · 11.1 KB
├─ 📁 src
│ ├─ 📜 api.js JavaScript 81L · 2.9 KB
│ ├─ 📜 config.js JavaScript 14L · 457 B
│ ├─ 📜 convert.js JavaScript 64L · 2.1 KB
│ ├─ 📜 engine.js JavaScript 319L · 10.9 KB
│ ├─ 📜 http.js JavaScript 50L · 1.7 KB
│ ├─ 📜 messages.js JavaScript 47L · 2.0 KB
│ ├─ 📜 prompt.js JavaScript 152L · 5.1 KB
│ ├─ 📜 subagent-assembler.js JavaScript 96L · 2.9 KB
│ ├─ 📜 subagent-tracker.js JavaScript 116L · 2.7 KB
│ └─ 📜 types.js JavaScript 107L · 4.2 KB
├─ 📜 index.js JavaScript 19L · 684 B
├─ 📋 openclaw.plugin.json JSON 50L · 1.5 KB
├─ 📋 package.json JSON 45L · 847 B
├─ 📝 README.md Markdown 175L · 4.4 KB
├─ 📝 README.zh.md Markdown 175L · 4.4 KB
└─ 📝 SKILL.md Markdown 330L · 8.3 KB

依赖分析 2 项

包名版本来源已知漏洞备注
@evermind-ai/openclaw-plugin ^1.4.0 npm No dependencies listed in package.json; plugin is self-contained
npx not pinned shell SKILL.md uses 'npx --yes --package @evermind-ai/openclaw-plugin' without version constraint

安全亮点

✓ No credential harvesting or environment variable iteration found
✓ No base64-encoded payloads or eval() of remote content
✓ No hardcoded external IP addresses; all network calls default to localhost:1995
✓ No data exfiltration — plugin only POSTs user messages to the locally configured EverOS backend
✓ Plugin modifies only the OpenClaw config file (~/.openclaw/openclaw.json) which is its stated purpose
✓ Config file is backed up before modification (.bak)
✓ Uses SHA-256 for deterministic message ID generation (src/api.js:49)
✓ Tool call blocks are filtered before sending to memory backend, reducing information bloat
✓ In-memory session state with TTL (2 hours) prevents unbounded memory growth
✓ Source code is well-structured with clear module separation