memory-lancedb-pro 安全扫描报告 — 低风险 | ClawSafe

5 /100

memory-lancedb-pro

Production-grade long-term memory system (v1.1.0-beta.8) for OpenClaw AI agents. Provides persistent, intelligent memory storage using LanceDB with hybrid vector + BM25 retrieval, LLM-powered Smart Extraction, Weibull decay lifecycle, and multi-scope isolation.

Pure documentation skill (Markdown only) providing installation and configuration guidance for a memory plugin. No executable code, scripts, or binaries present. Minor concern: remote script download pattern in documentation.

技能名称memory-lancedb-pro

分析耗时40.5s

引擎pi

✓

可以安装

Safe to use. No executable components. The documented `curl|bash` remote script pattern is standard practice and clearly disclosed. No action required.

安全发现 2 项

严重性	安全发现	位置
低危	Remote script download pattern in documentation 供应链 The Quick Install section references downloading and executing a shell script from GitHub raw content: `curl -fsSL https://raw.githubusercontent.com/CortexReach/toolbox/main/memory-lancedb-pro-setup/setup-memory.sh -o setup-memory.sh && bash setup-memory.sh`. This is a documented pattern with `--dry-run` and `--selfcheck-only` options, but the remote script is not reviewed in this package. `curl -fsSL https://raw.githubusercontent.com/CortexReach/toolbox/main/memory-lancedb-pro-setup/setup-memory.sh -o setup-memory.sh` → Review the external script at the GitHub URL before executing it. Use the `--dry-run` flag to preview actions first.	`SKILL.md:686`
低危	Misleading Iron Rule references dangerous command 文档欺骗 The 'Iron Rules for AI Agents' section includes `rm -rf /tmp/jiti/` as a required step. While the target `/tmp/jiti/` is a legitimate cache directory (not root), the prefix `rm -rf` with a glob-like pattern is an IOC that was flagged by pre-scan. This is benign in context but creates false-positive security alerts. `rm -rf /tmp/jiti/` → Use `rm -rf ~/.cache/jiti/` or a more specific path to reduce confusion and avoid false-positive security flags.	`SKILL.md:697`

资源类型	声明权限	推断权限	状态	证据
文件系统	`READ`	`READ`	✓ 一致	Markdown documentation files only; no file write operations
网络访问	`READ`	`READ`	✓ 一致	Only URL references for external services (jina.ai, openai.com, GitHub) — all de…
命令执行	`NONE`	`NONE`	—	No executable scripts present; shell commands appear only as documentation
环境变量	`NONE`	`NONE`	—	No environment variable access
技能调用	`READ`	`READ`	✓ 一致	Skill is itself a documentation resource
剪贴板	`NONE`	`NONE`	—	No clipboard access
浏览器	`NONE`	`NONE`	—	No browser automation
数据库	`NONE`	`NONE`	—	No database access; documents LanceDB configuration but does not connect

1 严重 18 项发现

💀

严重危险命令危险 Shell 命令

rm -rf /

SKILL.md:697

🔗

中危外部 URL 外部 URL

https://claude.ai/code

README.md:28

🔗

中危外部 URL 外部 URL

https://openclaw.ai

README.md:32

🔗

中危外部 URL 外部 URL

https://storage.ko-fi.com/cdn/kofi2.png?v=3

README.md:229

🔗

中危外部 URL 外部 URL

https://ko-fi.com/aila

README.md:229

🔗

中危外部 URL 外部 URL

https://jina.ai/api-key

SKILL.md:29

🔗

中危外部 URL 外部 URL

https://platform.openai.com/api-keys

SKILL.md:29

🔗

中危外部 URL 外部 URL

https://cloud.siliconflow.cn/account/ak

SKILL.md:38

🔗

中危外部 URL 外部 URL

https://ollama.com/download

SKILL.md:62

🔗

中危外部 URL 外部 URL

https://api.jina.ai/v1/embeddings

SKILL.md:88

🔗

中危外部 URL 外部 URL

https://api.siliconflow.com/v1/rerank

SKILL.md:104

🔗

中危外部 URL 外部 URL

https://api.jina.ai/v1

SKILL.md:162

🔗

中危外部 URL 外部 URL

https://api.jina.ai/v1/rerank

SKILL.md:186

🔗

中危外部 URL 外部 URL

http://192.168.1.100:11434/v1

SKILL.md:333

🔗

中危外部 URL 外部 URL

https://dashscope.aliyuncs.com/compatible-mode/v1

SKILL.md:1223

🔗

中危外部 URL 外部 URL

https://dashscope.aliyuncs.com/compatible-api/v1/reranks

SKILL.md:1236

🔗

中危外部 URL 外部 URL

https://api.voyageai.com/v1/rerank

SKILL.md:1252

🔗

中危外部 URL 外部 URL

https://api.pinecone.io/rerank

SKILL.md:1253

目录结构

3 文件 · 76.6 KB · 1951 行

Markdown 3f · 1951L

├─ ▾ 📁 references

│ └─ 📝 full-reference.md Markdown 310L · 9.7 KB

├─ 📝 README.md Markdown 233L · 9.8 KB

└─ 📝 SKILL.md Markdown 1408L · 57.0 KB

安全亮点

✓ Pure documentation skill — no executable code, scripts, or binaries

✓ All shell commands appear only as documentation examples, not as embedded execution

✓ API key verification uses read-only HTTP GET requests to service endpoints

✓ No credential harvesting — only user-provided keys via config files

✓ No obfuscation (no base64, eval, atob, or encoded strings)

✓ No sensitive file access (no ~/.ssh, ~/.aws, .env reads)

✓ No data exfiltration, reverse shell, or C2 communication patterns

✓ No hidden functionality — documentation matches stated behavior

✓ Remote script has `--dry-run` and `--selfcheck-only` safety options

✓ Full source file map and technical details transparently disclosed