中文 EN

Scan Report

Scan New Files

Low Risk — Risk Score 18/100
Last scan:1 day ago Rescan
18 /100
Agent Memory — Persistent Workspace Memory System
Three-tier memory architecture for AI agents (long-term owner namespace, daily logs, session handoff) with cross-channel isolation. One command sets up the complete file structure.
A benign workspace memory initialization tool with no malicious behavior. Two minor documentation gaps exist: referenced template files are missing from the package, and undocumented channel directories are created. Neither constitutes a security risk.
Skill NameAgent Memory — Persistent Workspace Memory System
Duration42.4s
Enginepi
Safe to install
Approve for use. The missing template files will cause init_memory.py to print warnings but it continues gracefully. Consider verifying the full template package is delivered.

Findings 2 items

Severity Finding Location
Low
Template files missing from package Doc Mismatch
init_memory.py references 6 template files (AGENTS.md.template, MEMORY.md.template, USER.md.template, MASTER_MAP.md.template, HEARTBEAT.md.template, HANDOFF.md.template) that do not exist in the templates/ directory. The script handles this gracefully by skipping missing files with a warning, so functionality is not broken.
TEMPLATE_FILES = [("AGENTS.md.template", "AGENTS.md"), ...]
→ Ensure the complete template package is delivered, or update init_memory.py to inline the templates or reduce the template list.
 templates/
Low
Undocumented channel directories created Doc Mismatch
init_memory.py creates memory/channels/{discord,telegram,signal}/ directories that are not mentioned in SKILL.md. This is shadow functionality but non-sensitive and benign in nature.
for channel in ("discord", "telegram", "signal"): (memory_dir / "channels" / channel).mkdir(parents=True, exist_ok=True)
→ Document channel isolation in SKILL.md under 'What's Included' or LIMITATIONS.md.
 init_memory.py:67
ResourceDeclaredInferredStatusEvidence
Filesystem WRITE WRITE ✓ Aligned SKILL.md: 'This skill creates files in your workspace' + init_memory.py creates …
Network NONE NONE init_memory.py uses only stdlib; no urllib, requests, socket, or HTTP calls
Shell NONE NONE init_memory.py uses no subprocess, os.system, or shell commands
Environment NONE NONE No os.environ iteration or credential access
Database NONE NONE No database access
Clipboard NONE NONE No clipboard access
Browser NONE NONE No browser automation
Skill Invoke NONE NONE No cross-skill invocation
6 findings
🔗
Medium External URL 外部 URL
https://ko-fi.com/theshadowrose
README.md:75
🔗
Medium External URL 外部 URL
https://x.com/TheShadowyRose
README.md:75
🔗
Medium External URL 外部 URL
https://www.fiverr.com/s/jjmlZ0v
README.md:77
🔗
Medium External URL 外部 URL
https://shadowyrose.gumroad.com
SKILL.md:244
🔗
Medium External URL 外部 URL
https://twitter.com/TheShadowyRose
SKILL.md:245
📧
Info Email 邮箱地址
[email protected]
SKILL.md:242

File Tree

12 files · 33.0 KB · 959 lines
Markdown 11f · 743L Python 1f · 216L
├─ 📁 templates
│ └─ 📁 owner
│ ├─ 📝 decisions.md Markdown 9L · 180 B
│ ├─ 📝 identity.md Markdown 13L · 232 B
│ ├─ 📝 learnings.md Markdown 13L · 293 B
│ ├─ 📝 people.md Markdown 10L · 245 B
│ ├─ 📝 preferences.md Markdown 16L · 419 B
│ └─ 📝 projects.md Markdown 19L · 415 B
├─ 🐍 init_memory.py Python 216L · 7.5 KB
├─ 📝 LICENSE.md Markdown 21L · 1.0 KB
├─ 📝 LIMITATIONS.md Markdown 24L · 1.5 KB
├─ 📝 QUICKSTART.md Markdown 292L · 10.3 KB
├─ 📝 README.md Markdown 77L · 2.1 KB
└─ 📝 SKILL.md Markdown 249L · 9.0 KB

Security Positives

✓ Uses Python stdlib only — no external dependencies, no pip install, no supply chain risk
✓ No network calls whatsoever — no data exfiltration possible
✓ No credential or sensitive file access (~/.ssh, ~/.aws, .env)
✓ No shell execution, subprocess, or command injection vectors
✓ No obfuscation (no base64, no eval, no atob)
✓ SKILL.md explicitly declares 'no code execution, no network calls, no external dependencies' — accurate
✓ Output is restricted to the user-specified workspace directory only
✓ Security Note in SKILL.md accurately describes the tool's behavior
✓ Open source MIT license with clear authorship