Agent Memory — Persistent Workspace Memory System 安全扫描报告 — 低风险 | ClawSafe

18 /100

Agent Memory — Persistent Workspace Memory System

Three-tier memory architecture for AI agents (long-term owner namespace, daily logs, session handoff) with cross-channel isolation. One command sets up the complete file structure.

A benign workspace memory initialization tool with no malicious behavior. Two minor documentation gaps exist: referenced template files are missing from the package, and undocumented channel directories are created. Neither constitutes a security risk.

技能名称Agent Memory — Persistent Workspace Memory System

分析耗时42.4s

引擎pi

✓

可以安装

Approve for use. The missing template files will cause init_memory.py to print warnings but it continues gracefully. Consider verifying the full template package is delivered.

安全发现 2 项

严重性	安全发现	位置
低危	Template files missing from package 文档欺骗 init_memory.py references 6 template files (AGENTS.md.template, MEMORY.md.template, USER.md.template, MASTER_MAP.md.template, HEARTBEAT.md.template, HANDOFF.md.template) that do not exist in the templates/ directory. The script handles this gracefully by skipping missing files with a warning, so functionality is not broken. `TEMPLATE_FILES = [("AGENTS.md.template", "AGENTS.md"), ...]` → Ensure the complete template package is delivered, or update init_memory.py to inline the templates or reduce the template list.	`templates/`
低危	Undocumented channel directories created 文档欺骗 init_memory.py creates memory/channels/{discord,telegram,signal}/ directories that are not mentioned in SKILL.md. This is shadow functionality but non-sensitive and benign in nature. `for channel in ("discord", "telegram", "signal"): (memory_dir / "channels" / channel).mkdir(parents=True, exist_ok=True)` → Document channel isolation in SKILL.md under 'What's Included' or LIMITATIONS.md.	`init_memory.py:67`

资源类型	声明权限	推断权限	状态	证据
文件系统	`WRITE`	`WRITE`	✓ 一致	SKILL.md: 'This skill creates files in your workspace' + init_memory.py creates …
网络访问	`NONE`	`NONE`	—	init_memory.py uses only stdlib; no urllib, requests, socket, or HTTP calls
命令执行	`NONE`	`NONE`	—	init_memory.py uses no subprocess, os.system, or shell commands
环境变量	`NONE`	`NONE`	—	No os.environ iteration or credential access
数据库	`NONE`	`NONE`	—	No database access
剪贴板	`NONE`	`NONE`	—	No clipboard access
浏览器	`NONE`	`NONE`	—	No browser automation
技能调用	`NONE`	`NONE`	—	No cross-skill invocation

6 项发现

🔗

中危外部 URL 外部 URL

https://ko-fi.com/theshadowrose

README.md:75

🔗

中危外部 URL 外部 URL

https://x.com/TheShadowyRose

README.md:75

🔗

中危外部 URL 外部 URL

https://www.fiverr.com/s/jjmlZ0v

README.md:77

🔗

中危外部 URL 外部 URL

https://shadowyrose.gumroad.com

SKILL.md:244

🔗

中危外部 URL 外部 URL

https://twitter.com/TheShadowyRose

SKILL.md:245

📧

提示邮箱邮箱地址

[email protected]

SKILL.md:242

目录结构

12 文件 · 33.0 KB · 959 行

Markdown 11f · 743L Python 1f · 216L

├─ ▾ 📁 templates

│ └─ ▾ 📁 owner

│ ├─ 📝 decisions.md Markdown 9L · 180 B

│ ├─ 📝 identity.md Markdown 13L · 232 B

│ ├─ 📝 learnings.md Markdown 13L · 293 B

│ ├─ 📝 people.md Markdown 10L · 245 B

│ ├─ 📝 preferences.md Markdown 16L · 419 B

│ └─ 📝 projects.md Markdown 19L · 415 B

├─ 🐍 init_memory.py Python 216L · 7.5 KB

├─ 📝 LICENSE.md Markdown 21L · 1.0 KB

├─ 📝 LIMITATIONS.md Markdown 24L · 1.5 KB

├─ 📝 QUICKSTART.md Markdown 292L · 10.3 KB

├─ 📝 README.md Markdown 77L · 2.1 KB

└─ 📝 SKILL.md Markdown 249L · 9.0 KB

安全亮点

✓ Uses Python stdlib only — no external dependencies, no pip install, no supply chain risk

✓ No network calls whatsoever — no data exfiltration possible

✓ No credential or sensitive file access (~/.ssh, ~/.aws, .env)

✓ No shell execution, subprocess, or command injection vectors

✓ No obfuscation (no base64, no eval, no atob)

✓ SKILL.md explicitly declares 'no code execution, no network calls, no external dependencies' — accurate

✓ Output is restricted to the user-specified workspace directory only

✓ Security Note in SKILL.md accurately describes the tool's behavior

✓ Open source MIT license with clear authorship