Trusted: risk score 5/100
Last scanned: 2 days ago
Context Cache Manager
Fork-safe context cloning + intelligent compression + fast session recovery for AI agent state management
Legitimate context cache manager with no security concerns - only performs local file I/O for session state management.
Skill name: Context Cache Manager
Analysis time: 26.3s
Engine: pi
Safe to install
Skill is safe to use. No action required.

Security findings: 2

Severity | Finding | Location
Info
Pickle serialization for cache files
Uses Python pickle for serialization, which can theoretically be unsafe with untrusted data. However, this is acceptable for local-only cache management with controlled data sources.
with gzip.open(cache_path, 'wb') as f: pickle.dump(asdict(snapshot), f)
→ Consider using json or msgpack for serialization to eliminate theoretical deserialization risks, though current usage is low risk due to local-only cache files.
context_cache_manager.py:89
Info
Writes to user home directory
Cache files are stored in ~/.openclaw/workspace/tmp/context-cache/ which is appropriate for application state but should be documented.
CACHE_DIR = Path.home() / ".openclaw" / "workspace" / "tmp" / "context-cache"
→ This is appropriate behavior for a session cache manager - no concern.
context_cache_manager.py:14
Resource type | Declared permission | Inferred permission | Status | Evidence
Filesystem | WRITE | WRITE | ✓ Consistent | context_cache_manager.py:89-93 writes gzip files to CACHE_DIR
Filesystem | READ | READ | ✓ Consistent | context_cache_manager.py:102-113 reads gzip files from CACHE_DIR
Command execution | NONE | NONE | | No subprocess, os.system, or command execution found
Network access | NONE | NONE | | No socket, urllib, requests, or network calls found
Environment variables | NONE | NONE | | No os.environ iteration or credential access
Skill invocation | NONE | NONE | | No dynamic skill invocation detected
Clipboard | NONE | NONE | | No clipboard access found
Browser | NONE | NONE | | No browser automation found
Database | NONE | NONE | | No database access found

Directory structure

2 files · 12.7 KB · 458 lines
Python 1f · 291L Markdown 1f · 167L
├─ 🐍 context_cache_manager.py Python 291L · 8.5 KB
└─ 📝 SKILL.md Markdown 167L · 4.2 KB

Security highlights

✓ No network requests or external communications
✓ No shell or subprocess execution
✓ No credential harvesting or environment variable access
✓ No base64, eval, or dynamic code execution
✓ No suspicious download patterns (curl|bash, wget|sh)
✓ Standard library only - no external dependencies
✓ Properly declared filesystem READ/WRITE for cache operations
✓ Clear documentation of functionality and permissions