Low risk (risk score 15/100)
Last scanned: 18 hours ago
openclaw-memory-system
OpenClaw multimodal memory system - supports image/tool memory, project/Agent/user isolation, and natural-language correction
The skill is a legitimate OpenClaw memory system with no malicious code present. It consists primarily of documentation with a single benign install script. Minor concern: references files in documentation that don't exist in the package.
Skill name: openclaw-memory-system
Analysis time: 36.4s
Engine: pi
OK to install
Approve for use with standard precautions. The actual skill implementation files referenced in documentation are missing from the package, so full functionality will not work until the implementation is included.

Security findings: 2

Severity: Low
Finding: Documentation references non-existent implementation files [Documentation deception]
SKILL.md, README.md, and RELEASE.md document files under skills/ directory that are not included in the package (image-memory.js, project-memory.js, memory-correct.js, etc.)
skills/multimodal-memory/image-memory.js, skills/project-memory-isolation/project-memory.js
→ Either include the implementation files or update documentation to clarify this is a documentation-only release
Location: SKILL.md:1

Severity: Info
Finding: Install script uses env-controlled workspace path [Privilege escalation]
install.js uses OPENCLAW_WORKSPACE env var with fallback to /home/openclaw/.openclaw/workspace. If env var is externally controlled, path could be redirected.
const WORKSPACE = process.env.OPENCLAW_WORKSPACE || '/home/openclaw/.openclaw/workspace'
→ This is standard practice for workspace tools. Ensure the environment variable cannot be set by untrusted sources.
Location: scripts/install.js:9

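| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | WRITE | ✓ Consistent | install.js creates memory directories and copies configs to workspace |
| Network access | NONE | NONE | | Feishu webhook mentioned in docs but no active network code present |
| Command execution | NONE | NONE | | No shell execution found in install.js |
| Environment variables | NONE | READ | ✓ Consistent | install.js:9 reads OPENCLAW_WORKSPACE env var |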

Directory structure

9 files · 32.6 KB · 1421 lines
Markdown 5f · 1194L JSON 3f · 171L JavaScript 1f · 56L
├─ 📁 scripts
│ └─ 📜 install.js JavaScript 56L · 1.5 KB
├─ 📋 clawhub.json JSON 61L · 1.6 KB
├─ 📋 manifest.json JSON 51L · 1.4 KB
├─ 📋 package.json JSON 59L · 1.4 KB
├─ 📝 QUICKSTART.md Markdown 91L · 2.0 KB
├─ 📝 README_CLAWHUB.md Markdown 165L · 4.0 KB
├─ 📝 README.md Markdown 312L · 7.4 KB
├─ 📝 RELEASE.md Markdown 378L · 8.2 KB
└─ 📝 SKILL.md Markdown 248L · 5.2 KB

Security highlights

✓ No shell execution commands found
✓ No credential harvesting or exfiltration code
✓ No obfuscation or base64-encoded payloads
✓ No C2 communication or remote code execution
✓ Install script only creates directories and copies configs
✓ No suspicious network requests
✓ No cron/scheduled task installation
✓ No access to sensitive paths like ~/.ssh or .env