Skill Trust Decision

feynman-fsrs-pro

Hardcoded database credentials exposed in SKILL.md and source code create significant credential theft risk; doc-to-code table name mismatch indicates shadow functionality.

Source: Manual upload · Scanned: Apr 4, 2026
Files 14
Artifacts 15
Violations 0
Findings 5
Most direct threat evidence
High Credential Theft
Database credentials exposed in SKILL.md

SKILL.md contains plaintext database credentials: username 'openclaw_feiman', password '12345678', host '127.0.0.1'. This is a critical security violation as documentation should never contain sensitive credentials.

SKILL.md:17

Why this conclusion was reached

2/4 dimensions flagged
Pass
Declared vs actual capability

Declared resources and inferred behavior are broadly aligned.

Block
Hidden execution and egress

1 high-risk artifact or egress signal was extracted.

Block
Attack chain and severe findings

The report includes 0 attack-chain steps and 3 severe findings.

Review
Dependencies and supply chain hygiene

1 dependency or supply-chain issue needs attention.

What drove the risk score up

Hardcoded credentials in SKILL.md +20

Database password '12345678', username, host, and table name exposed in documentation

Hardcoded credentials in source code +10

feynman_core.js:9 and database.js:7-11 contain identical hardcoded credentials

Doc-to-code table name mismatch +10

SKILL.md declares 'feynman_memory' but code inconsistently queries both 'feynman_cards' and 'feynman_memory'

IP address anomaly +5

feynman_core.js:9 shows '27.0.0.1' instead of '127.0.0.1' - likely typo

Hardcoded filesystem path +3

Obsidian path points to specific user directory 'C:\Users\alex\iCloudDrive'

Most important evidence

High Credential Theft

Database credentials exposed in SKILL.md

SKILL.md contains plaintext database credentials: username 'openclaw_feiman', password '12345678', host '127.0.0.1'. This is a critical security violation as documentation should never contain sensitive credentials.

SKILL.md:17
Remove all credentials from SKILL.md. Use environment variables or a .env file for configuration.

High Credential Theft

Hardcoded credentials in feynman_core.js

feynman_core.js contains hardcoded database connection parameters with weak password '12345678'.

scripts/feynman_core.js:15
Use environment variables: process.env.DB_PASSWORD, process.env.DB_HOST, etc.

High Credential Theft

Hardcoded credentials in database.js

database.js contains the same hardcoded database credentials as feynman_core.js.

scripts/database.js:7
Consolidate database config into a single module using environment variables.

Medium Doc Mismatch

Table name mismatch between documentation and code

SKILL.md declares table name as 'feynman_memory', but feynman_core.js queries 'feynman_cards' while database.js queries 'feynman_memory'. schema.sql creates 'feynman_cards'. This inconsistency suggests shadow functionality or copy-paste errors.

scripts/feynman_core.js:55
Standardize the table name across all files. Update SKILL.md to reflect the actual table name used in code.

Low Sensitive Access

Hardcoded Obsidian path references specific user

OBSIDIAN_BASE path points to 'C:\Users\alex\iCloudDrive\iCloud~md~obsidian\new-note', exposing a specific user's directory structure.

scripts/database.js:8
Use environment variable for Obsidian path configuration.

Declared capability vs actual capability

Capability · Status · Declared · Inferred · Evidence
Filesystem · Pass · Declared READ · Inferred READ · Reads .md files from Obsidian directory
Database · Pass · Declared WRITE · Inferred WRITE · PostgreSQL connection with SELECT/INSERT/UPDATE queries
Network · Pass · Declared NONE · Inferred READ · Connects to local PostgreSQL at 127.0.0.1:5432 (documentation exposes '27.0.0.1')
Shell · Pass · Declared NONE · Inferred NONE · No shell execution observed

Suspicious artifacts and egress

High IP Address · 27.0.0.1 · scripts/feynman_core.js:9
Medium External URL · https://registry.npmmirror.com/pg/-/pg-8.20.0.tgz · scripts/package-lock.json:20
Medium External URL · https://registry.npmmirror.com/pg-cloudflare/-/pg-cloudflare-1.3.0.tgz · scripts/package-lock.json:47
Medium External URL · https://registry.npmmirror.com/pg-connection-string/-/pg-connection-string-2.12.0.tgz · scripts/package-lock.json:54
Medium External URL · https://registry.npmmirror.com/pg-int8/-/pg-int8-1.0.1.tgz · scripts/package-lock.json:60
Medium External URL · https://registry.npmmirror.com/pg-pool/-/pg-pool-3.13.0.tgz · scripts/package-lock.json:69
Medium External URL · https://registry.npmmirror.com/pg-protocol/-/pg-protocol-1.13.0.tgz · scripts/package-lock.json:78
Medium External URL · https://registry.npmmirror.com/pg-types/-/pg-types-2.2.0.tgz · scripts/package-lock.json:84
Medium External URL · https://registry.npmmirror.com/pgpass/-/pgpass-1.0.5.tgz · scripts/package-lock.json:100
Medium External URL · https://registry.npmmirror.com/postgres-array/-/postgres-array-2.0.0.tgz · scripts/package-lock.json:109
Medium External URL · https://registry.npmmirror.com/postgres-bytea/-/postgres-bytea-1.0.1.tgz · scripts/package-lock.json:118
Medium External URL · https://registry.npmmirror.com/postgres-date/-/postgres-date-1.0.7.tgz · scripts/package-lock.json:127

Dependencies and supply chain

Package · Version · Source · Known vuln · Notes
pg · ^8.11.3 · npm · No · PostgreSQL client library, version pinned

File composition

14 files · 2214 lines
JavaScript 9 files · 1231 lines
Markdown 2 files · 627 lines
JSON 2 files · 191 lines
SQL 1 file · 165 lines
Files of concern · 4
scripts/feynman_core.js JavaScript · 645 lines
Hardcoded credentials in feynman_core.js · Table name mismatch between documentation and code · 27.0.0.1
SKILL.md Markdown · 315 lines
Database credentials exposed in SKILL.md
scripts/database.js JavaScript · 351 lines
Hardcoded credentials in database.js · Hardcoded Obsidian path references specific user
scripts/package-lock.json JSON · 165 lines
https://registry.npmmirror.com/pg/-/pg-8.20.0.tgz · https://registry.npmmirror.com/pg-cloudflare/-/pg-cloudflare-1.3.0.tgz · https://registry.npmmirror.com/pg-connection-string/-/pg-connection-string-2.12.0.tgz · https://registry.npmmirror.com/pg-int8/-/pg-int8-1.0.1.tgz · https://registry.npmmirror.com/pg-pool/-/pg-pool-3.13.0.tgz · https://registry.npmmirror.com/pg-protocol/-/pg-protocol-1.13.0.tgz · https://registry.npmmirror.com/pg-types/-/pg-types-2.2.0.tgz · https://registry.npmmirror.com/pgpass/-/pgpass-1.0.5.tgz · https://registry.npmmirror.com/postgres-array/-/postgres-array-2.0.0.tgz · https://registry.npmmirror.com/postgres-bytea/-/postgres-bytea-1.0.1.tgz · https://registry.npmmirror.com/postgres-date/-/postgres-date-1.0.7.tgz · https://registry.npmmirror.com/postgres-interval/-/postgres-interval-1.2.0.tgz · https://registry.npmmirror.com/split2/-/split2-4.2.0.tgz · https://registry.npmmirror.com/xtend/-/xtend-4.0.2.tgz
Other files · README.md · schema.sql · update-progress.js · cli.js · review-helper.js · index.js +2

Security positives

No shell execution observed - skill uses direct database queries only
No external network requests detected - only local PostgreSQL connection
No obfuscation techniques (base64, eval) found in codebase
No credential exfiltration - hardcoded credentials are only used locally
No reverse shell or C2 infrastructure indicators
No prompt injection payloads detected
Dependencies are minimal (pg library only) with pinned versions