memory-review 安全扫描报告 — 可信 | ClawSafe

5 /100

memory-review

知识沉淀自动化技能。扫描近期日记，识别可沉淀知识，自动写入知识库。

A benign knowledge-management skill that scans diary files and writes knowledge summaries, with no malicious behavior detected.

技能名称memory-review

分析耗时25.6s

引擎pi

✓

可以安装

No action needed. The skill is safe to use.

安全发现 1 项

严重性	安全发现	位置
低危	Shell command not declared in SKILL.md 文档欺骗 The md5sum shell command is used for incremental scanning (documented in spec.md) but is not declared in the SKILL.md capability declaration. While functionally documented, it creates a minor doc-to-declaration gap for the primary interface. `md5sum memory/daily/YYYY-MM-DD.md` → Add shell:READ to SKILL.md's declared capabilities to fully reflect the md5sum usage.	`references/spec.md:62`

资源类型	声明权限	推断权限	状态	证据
文件系统	`READ`	`WRITE`	✓ 一致	SKILL.md: Writes output to memory/daily/, memory/knowledge/, data/exec-logs/
命令执行	`NONE`	`READ`	✓ 一致	spec.md: Uses md5sum for file integrity checking — documented but not declared i…
网络访问	`NONE`	`NONE`	—	No network calls found
环境变量	`NONE`	`NONE`	—	No environment variable access found
凭据	`NONE`	`NONE`	—	No credential access found

2 文件 · 4.2 KB · 170 行

Markdown 2f · 170L

├─ ▾ 📁 references

│ └─ 📝 spec.md Markdown 116L · 2.7 KB

└─ 📝 SKILL.md Markdown 54L · 1.5 KB

✓ No network requests or external data exfiltration

✓ No credential harvesting or environment variable access

✓ No obfuscated code, base64, or anti-analysis patterns

✓ No remote script execution (curl|bash, wget|sh)

✓ No sensitive path access (~/.ssh, ~/.aws, .env)

✓ No binary files or suspicious dependencies

✓ Write operations are scoped to well-defined output directories (memory/, data/)

✓ Incremental scanning via md5 prevents redundant work, indicating genuine utility rather than covert activity