Scan Report
5/100
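Minimalist Memory Auto-Sync
Automatically listens for conversation events, writes them to Markdown memory files in real time, and syncs them to the LanceDB vector store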
A legitimate conversation memory synchronization plugin that writes chat logs to local Markdown files and LanceDB, with no malicious behavior detected.
Safe to install
This skill is safe to use. The only minor issue is the technically misleading '100% zero-dependency' claim since it imports from the OpenClaw plugin SDK, but this is expected and not a security concern.
Findings: 1 item
| Severity | Finding | Location |
|---|---|---|
| Low | Minor doc claim inaccuracy (Doc Mismatch) | SKILL.md:6 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | WRITE | WRITE | ✓ Aligned | index.ts:43 fs.appendFile to /home/tao/.openclaw/workspace/memory |
| Skill Invoke | READ | READ | ✓ Aligned | index.ts:6 imports OpenClawPluginApi to register event handlers |
| Network | NONE | NONE | — | No network calls in codebase |
| Shell | NONE | NONE | — | No subprocess or shell execution in codebase |
File Tree
3 files · 4.4 KB · 126 lines
TypeScript 1f · 92L
Markdown 1f · 22L
JSON 1f · 12L
├─ index.ts (TypeScript)
├─ package.json (JSON)
└─ SKILL.md (Markdown)
Dependencies: 1 item
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| openclaw/plugin-sdk | * | import | No | Expected SDK dependency for plugin architecture, not a security risk |
Security Positives
✓ No network requests or external communications
✓ No credential harvesting or environment variable access
✓ No shell execution or subprocess calls
✓ No obfuscation, base64 encoding, or anti-analysis techniques
✓ No data exfiltration behavior
✓ No hidden functionality beyond what the skill claims to do
✓ Legitimate use case: storing conversation logs for memory sync
✓ Uses OpenClaw's official plugin API (api.memory.store) rather than bypassing security
✓ No sensitive file access beyond the declared memory storage directory
✓ Zero malicious indicators detected