Scan Report
5 /100
memory-tree
🌳 记忆树 — 周报自动生成,永久记忆标记,关键词搜索
The memory-tree skill v2.0 is a legitimate local memory management tool with no malicious behavior detected - all declared capabilities match the actual implementation.
Safe to install
This skill is safe to use. No action required.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | SKILL.md declares '零依赖,纯本地运行'; code reads ~/.openclaw/workspace/MEMORY.md |
| Filesystem | WRITE | WRITE | ✓ Aligned | SKILL.md declares memory storage; code writes to memory-tree/data/ |
| Network | NONE | NONE | — | v2.0 removed Ollama embedding; only local keyword search implemented |
| Shell | NONE | NONE | — | No subprocess calls in memory_tree.py |
1 findings
Medium External URL 外部 URL
https://x.com/loryoncloud README.md:130 File Tree
5 files · 25.2 KB · 841 lines Python 1f · 596L
Markdown 3f · 230L
JSON 1f · 15L
├─
▾
scripts
│ └─
memory_tree.py
Python
├─
_meta.json
JSON
├─
README.md
Markdown
├─
SECURITY.md
Markdown
└─
SKILL.md
Markdown
Security Positives
✓ Zero external dependencies - uses only Python standard library
✓ Pure local operation with no network requests in v2.0
✓ Clear documentation of all file system access paths
✓ Well-structured code with no obfuscation or suspicious patterns
✓ No shell execution, credential harvesting, or data exfiltration
✓ No base64-encoded content or eval() usage
✓ v2.0 explicitly removed cloud embedding dependencies