Trusted — Risk Score 5/100
Last scan: 1 day ago
agent-dream
Nightly memory consolidation and self-reflection for OpenClaw agents. Reviews sessions, organizes memories, prunes stale info, and reflects on its own behavior.
agent-dream is a well-documented, local-only memory consolidation skill with no network, shell, or credential access, clean filesystem scope, and strong built-in safety rails.
Skill Name: agent-dream
Duration: 30.6s
Engine: pi
Safe to install
Approve for use. The skill is transparent, scoped to local memory management, and implements multiple safety mechanisms.

Findings: 1 item

Severity: Low
Finding: Shell permission declared as WRITE but effectively READ-ONLY in practice (Doc Mismatch)
Location: SKILL.md:1
SKILL.md states 'bash is restricted to read-only commands' during dreams, but the capability model maps to shell:WRITE. This is a minor documentation inconsistency — in practice bash is only used for read-only operations, consistent with the documentation text. No security impact.
Evidence: "During a dream, bash is restricted to read-only commands (ls, find, grep, cat, stat, wc, head, tail)"
→ Clarify the capability map entry: shell should be READ, not WRITE, to accurately reflect the documented restriction.

| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ+WRITE | READ+WRITE | ✓ Aligned | setup.js uses fs.readdirSync, fs.writeFileSync, fs.mkdirSync — scoped to memory/… |
| Network | NONE | NONE | | setup.js uses only Node.js fs/path; zero HTTP/net modules imported |
| Shell | WRITE (documentation lists as available) | READ-ONLY | ✓ Aligned | SKILL.md declares 'bash is restricted to read-only commands' — so actual shell a… |
| Environment | NONE | NONE | | setup.js never reads process.env; security docs explicitly state no env sniffing |
| Skill Invoke | NONE | NONE | | No skill invocation found in code |
| Clipboard | NONE | NONE | | No clipboard access in any file |
| Browser | NONE | NONE | | No browser/DOM access — server-side Node.js only |
| Database | NONE | NONE | | No database access in any file |

3 findings

| Severity | Type | URL | Location |
|---|---|---|---|
| Medium | External URL | https://clawhub.com/u/ahaaiclub | README.md:102 |
| Medium | External URL | https://ahaai.ai | README.md:104 |
| Medium | External URL | https://console.example.com | references/memory-types.md:45 |

File Tree

4 files · 21.6 KB · 546 lines
Markdown 3f · 374L JavaScript 1f · 172L
├─ 📁 references
│ └─ 📝 memory-types.md Markdown 57L · 2.7 KB
├─ 📁 scripts
│ └─ 📜 setup.js JavaScript 172L · 5.7 KB
├─ 📝 README.md Markdown 104L · 4.3 KB
└─ 📝 SKILL.md Markdown 213L · 8.9 KB

Security Positives

✓ Zero network calls — explicitly declared and verified in code
✓ Zero shell execution in setup.js — only fs/path Node.js standard library
✓ No environment variable or credential access
✓ No external dependencies (no package.json, no requirements.txt) — no supply chain risk
✓ Strong safety rails: 2-pass deletion, backup before changes, >50% change block, rollback on failure
✓ Scope explicitly limited to memory/, MEMORY.md, LEARN.md, dreams/ — no sensitive path access (~/.ssh, ~/.aws, etc.)
✓ No obfuscation — all code is plain, readable JavaScript
✓ Documentation is thorough and accurately describes behavior