Trusted — Risk Score 5/100
Last scan: 2 days ago
yaoyaoya-memory
Universal Memory System for AI Assistants with IMA sync
Legitimate memory management skill with standard file operations and documented IMA sync functionality. No malicious indicators detected.
Skill Name: yaoyaoya-memory
Duration: 33.9s
Engine: pi
Safe to install
No action required. The skill operates as documented with appropriate scope.

Findings 2 items

Severity Finding Location
Info
No security concerns identified
This skill performs standard file operations for memory management and documented IMA API sync. All functionality is declared in SKILL.md.
Universal Memory System for AI Assistants
→ This is a legitimate skill with no security issues.
SKILL.md:1
Info
Standard urllib usage for IMA sync
sync_ima.py uses urllib.request to call ima.qq.com API. This is expected behavior for knowledge synchronization.
IMA_API_BASE = 'https://ima.qq.com/'
→ No action required - this is documented functionality.
scripts/sync_ima.py:57
Resource Declared Inferred Status Evidence
Filesystem READ,WRITE READ,WRITE ✓ Aligned memory_search.py reads workspace files; sync_ima.py reads/writes memory files
Network READ READ ✓ Aligned sync_ima.py makes HTTP POST to ima.qq.com for knowledge sync (documented in SKIL…
Shell NONE NONE No subprocess or shell execution found
1 finding
Medium External URL
https://ima.qq.com/
scripts/sync_ima.py:40

File Tree

5 files · 17.6 KB · 669 lines
Markdown 2f · 353L Python 2f · 287L JSON 1f · 29L
├─ 📁 scripts
│ ├─ 🐍 memory_search.py Python 94L · 2.6 KB
│ └─ 🐍 sync_ima.py Python 193L · 5.9 KB
├─ 📋 config.example.json JSON 29L · 834 B
├─ 📝 README.md Markdown 110L · 2.2 KB
└─ 📝 SKILL.md Markdown 243L · 6.1 KB

Security Positives

✓ No shell execution (subprocess, os.system, etc.)
✓ No obfuscation techniques (base64, eval, atob)
✓ No sensitive path access (~/.ssh, ~/.aws, .env)
✓ No credential harvesting or exfiltration
✓ No reverse shell or C2 indicators
✓ All network calls target documented endpoint (ima.qq.com)
✓ Clean, readable Python code with no hidden functionality
✓ API credentials sourced only from environment variables or user config
✓ File operations scoped to workspace directory only