扫描报告
5 /100
yaoyaoya-memory
Universal Memory System for AI Assistants with IMA sync
Legitimate memory management skill with standard file operations and documented IMA sync functionality. No malicious indicators detected.
可以安装
No action required. The skill operates as documented with appropriate scope.
安全发现 2 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 提示 | No security concerns identified | SKILL.md:1 |
| 提示 | Standard urllib usage for IMA sync | scripts/sync_ima.py:57 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | READ,WRITE | READ,WRITE | ✓ 一致 | memory_search.py reads workspace files; sync_ima.py reads/writes memory files |
| 网络访问 | READ | READ | ✓ 一致 | sync_ima.py makes HTTP POST to ima.qq.com for knowledge sync (documented in SKIL… |
| 命令执行 | NONE | NONE | — | No subprocess or shell execution found |
1 项发现
中危 外部 URL 外部 URL
https://ima.qq.com/ scripts/sync_ima.py:40 目录结构
5 文件 · 17.6 KB · 669 行 Markdown 2f · 353L
Python 2f · 287L
JSON 1f · 29L
├─
▾
scripts
│ ├─
memory_search.py
Python
│ └─
sync_ima.py
Python
├─
config.example.json
JSON
├─
README.md
Markdown
└─
SKILL.md
Markdown
安全亮点
✓ No shell execution (subprocess, os.system, etc.)
✓ No obfuscation techniques (base64, eval, atob)
✓ No sensitive path access (~/.ssh, ~/.aws, .env)
✓ No credential harvesting or exfiltration
✓ No reverse shell or C2 indicators
✓ All network calls target documented endpoint (ima.qq.com)
✓ Clean, readable Python code with no hidden functionality
✓ API credentials sourced only from environment variables or user config
✓ File operations scoped to workspace directory only