中文 EN

Scan Report

Scan New Files

Low Risk — Risk Score 10/100
Last scan:1 day ago Rescan
10 /100
dual-brain-memory-guardian
Dual-brain memory skill for correction handling, rewrite quality, post-task reflection, and semantic recall of historical pitfalls using Markdown rules and Pinecone vector storage.
A legitimate dual-brain memory management skill with strong security practices including credential redaction, input sanitization, and a clear documentation structure.
Skill Namedual-brain-memory-guardian
Duration48.2s
Enginepi
Safe to install
The skill is safe to use. Consider pinning dependency versions to specific minor versions for enhanced supply chain security.

Findings 1 items

Severity Finding Location
Low
Incomplete environment variable documentation Doc Mismatch
SKILL.md declares only PINECONE_API_KEY in requirements, but the implementation uses 7 additional optional environment variables: PINECONE_INDEX_NAME, PINECONE_CLOUD, PINECONE_REGION, PINECONE_MODEL, PINECONE_FIELD_MAP_TEXT, PINECONE_NAMESPACE_PREFIX, and MEMORY_TENANT.
apiKey: required(overrides.apiKey ?? env.PINECONE_API_KEY, ...), indexName: String(overrides.indexName ?? env.PINECONE_INDEX_NAME ?? DEFAULTS.indexName)
→ Document all supported environment variables in SKILL.md Requirements section, including optional ones.
 src/pinecone/config.js:22
ResourceDeclaredInferredStatusEvidence
Filesystem WRITE WRITE ✓ Aligned SKILL.md: 'Local markdown brain: Root path defaults to ~/dual-brain-memory-guard…
Network READ READ_WRITE ✓ Aligned SKILL.md: '@pinecone-database/pinecone', 'PINECONE_API_KEY'
Shell NONE NONE No shell execution found in codebase
Environment READ READ ✓ Aligned Only PINECONE_API_KEY declared; 7 additional PINECONE_* vars used (config.js:22-…
Skill Invoke READ READ ✓ Aligned SKILL.md: 'user-invocable: true', npm scripts defined in package.json
1 findings
🔗
Medium External URL 外部 URL
https://dotenvx.com
package-lock.json:36

File Tree

22 files · 110.2 KB · 3758 lines
JavaScript 6f · 2637L Markdown 13f · 1030L JSON 2f · 73L Ignore 1f · 18L
├─ 📁 scripts
│ ├─ 📜 memory-cli.js JavaScript 1466L · 42.5 KB
│ └─ 📜 verify.js JavaScript 388L · 10.1 KB
├─ 📁 src
│ └─ 📁 pinecone
│ ├─ 📜 client.js JavaScript 50L · 1.4 KB
│ ├─ 📜 config.js JavaScript 55L · 2.0 KB
│ ├─ 📜 gatekeeper.js JavaScript 161L · 4.0 KB
│ └─ 📜 memory-store.js JavaScript 517L · 13.5 KB
├─ 📄 .gitignore Ignore 18L · 243 B
├─ 📝 boundaries.md Markdown 78L · 3.1 KB
├─ 📝 corrections.md Markdown 39L · 1.0 KB
├─ 📝 heartbeat-rules.md Markdown 64L · 2.5 KB
├─ 📝 heartbeat-state.md Markdown 17L · 523 B
├─ 📝 HEARTBEAT.md Markdown 5L · 238 B
├─ 📝 learning.md Markdown 105L · 3.2 KB
├─ 📝 memory-template.md Markdown 102L · 2.2 KB
├─ 📝 memory.md Markdown 41L · 1.1 KB
├─ 📝 operations.md Markdown 179L · 8.0 KB
├─ 📋 package-lock.json JSON 40L · 1.2 KB
├─ 📋 package.json JSON 33L · 1.5 KB
├─ 📝 reflections.md Markdown 35L · 877 B
├─ 📝 scaling.md Markdown 78L · 2.5 KB
├─ 📝 setup.md Markdown 160L · 4.4 KB
└─ 📝 SKILL.md Markdown 127L · 4.2 KB

Dependencies 2 items

PackageVersionSourceKnown VulnsNotes
@pinecone-database/pinecone ^7.1.0 npm No Version range pinned (caret)
dotenv ^16.4.7 npm No Version range pinned (caret)

Security Positives

✓ Comprehensive credential redaction in gatekeeper.js - blocks private keys, API tokens, JWTs, AWS keys, and IPs before vector storage
✓ Input sanitization with sanitizeForVectorStorage() applied to all user inputs (content, metadata, tags)
✓ AssertVectorPayloadSafe() throws errors on attempts to store blocked secrets
✓ No obfuscation techniques detected - clean JavaScript codebase
✓ No shell execution (child_process/spawn) found in any script
✓ No base64-encoded execution or eval() usage
✓ No curl|bash or wget|sh remote script execution
✓ No attempts to access ~/.ssh, ~/.aws, or other sensitive credential paths
✓ Dependency versions partially pinned: @pinecone-database/pinecone@^7.1.0, dotenv@^16.4.7
✓ Explicit security boundaries declared: 'This skill NEVER stores sensitive raw secrets in vector memory'
✓ All network traffic goes to managed Pinecone API (api.pinecone.io), not arbitrary IPs
✓ Destructive operations (forget-all) require explicit --yes confirmation flag