中文 EN

Scan Report

Scan New Files

Trusted — Risk Score 5/100
Last scan:18 hr ago Rescan
5 /100
memory-integration
Memory integration plugin for OpenClaw - syncs memory files to co-occurrence graph and semantic vector store
This is a legitimate memory integration plugin that synchronizes memory files to co-occurrence graphs and semantic vector stores. No malicious behavior detected.
Skill Namememory-integration
Duration30.9s
Enginepi
Safe to install
This skill is safe to use. The filesystem:WRITE permission for sync state is implicitly necessary for incremental sync functionality.

Findings 1 items

Severity Finding Location
Low
Minor documentation omission for WRITE permission Doc Mismatch
SKILL.md does not explicitly declare filesystem:WRITE permission for the sync state config file, though this is benign and necessary for incremental sync functionality.
Implicit WRITE to ~/workspace/integration/memory_sync_config.json
→ Add filesystem:WRITE to declared permissions if strict compliance is required
 SKILL.md:1
ResourceDeclaredInferredStatusEvidence
Filesystem NONE READ ✓ Aligned scripts/memory_integration.py:75 - reads memory files
Filesystem NONE WRITE ✓ Aligned scripts/memory_integration.py:44-46 - writes sync config
Environment NONE READ ✓ Aligned scripts/memory_integration.py:33 - reads OPENCLAW_WORKSPACE
Shell NONE NONE No subprocess or shell execution detected
Network NONE NONE No network requests detected

File Tree

2 files · 18.7 KB · 501 lines
Python 1f · 405L Markdown 1f · 96L
├─ 📁 scripts
│ └─ 🐍 memory_integration.py Python 405L · 15.7 KB
└─ 📝 SKILL.md Markdown 96L · 3.0 KB

Security Positives

✓ No shell execution or subprocess usage
✓ No credential harvesting or environment variable iteration for secrets
✓ No network requests or data exfiltration
✓ No obfuscated code or base64-encoded payloads
✓ No sensitive file access (~/.ssh, ~/.aws, .env)
✓ No remote script execution (curl|bash, wget|sh)
✓ No reverse shell or C2 communication patterns
✓ Clean, readable Python code with standard library usage
✓ Memory file parsing is limited to .md files in designated workspace
✓ Hash-based change detection for incremental sync (not exfiltrating hashes)