中文 EN

扫描报告

扫描新文件

可信 — 风险评分 5/100
上次扫描:19 小时前 重新扫描
5 /100
memory-integration
Memory integration plugin for OpenClaw - syncs memory files to co-occurrence graph and semantic vector store
This is a legitimate memory integration plugin that synchronizes memory files to co-occurrence graphs and semantic vector stores. No malicious behavior detected.
技能名称memory-integration
分析耗时30.9s
引擎pi
可以安装
This skill is safe to use. The filesystem:WRITE permission for sync state is implicitly necessary for incremental sync functionality.

安全发现 1 项

严重性 安全发现 位置
低危
Minor documentation omission for WRITE permission 文档欺骗
SKILL.md does not explicitly declare filesystem:WRITE permission for the sync state config file, though this is benign and necessary for incremental sync functionality.
Implicit WRITE to ~/workspace/integration/memory_sync_config.json
→ Add filesystem:WRITE to declared permissions if strict compliance is required
 SKILL.md:1
资源类型声明权限推断权限状态证据
文件系统 NONE READ ✓ 一致 scripts/memory_integration.py:75 - reads memory files
文件系统 NONE WRITE ✓ 一致 scripts/memory_integration.py:44-46 - writes sync config
环境变量 NONE READ ✓ 一致 scripts/memory_integration.py:33 - reads OPENCLAW_WORKSPACE
命令执行 NONE NONE No subprocess or shell execution detected
网络访问 NONE NONE No network requests detected

目录结构

2 文件 · 18.7 KB · 501 行
Python 1f · 405L Markdown 1f · 96L
├─ 📁 scripts
│ └─ 🐍 memory_integration.py Python 405L · 15.7 KB
└─ 📝 SKILL.md Markdown 96L · 3.0 KB

安全亮点

✓ No shell execution or subprocess usage
✓ No credential harvesting or environment variable iteration for secrets
✓ No network requests or data exfiltration
✓ No obfuscated code or base64-encoded payloads
✓ No sensitive file access (~/.ssh, ~/.aws, .env)
✓ No remote script execution (curl|bash, wget|sh)
✓ No reverse shell or C2 communication patterns
✓ Clean, readable Python code with standard library usage
✓ Memory file parsing is limited to .md files in designated workspace
✓ Hash-based change detection for incremental sync (not exfiltrating hashes)