Suspicious — Risk Score 45/100
Last scan: 2 days ago
long-term-memory
Long-term memory management system - helps AI and users manage, store, and retrieve long-term memories
Undeclared billing system with hardcoded API key found in payment.py; SKILL.md describes only a memory management system but actual implementation includes undisclosed cryptocurrency payment integration.
Skill Name: long-term-memory
Duration: 39.2s
Engine: pi
Use with caution
Remove hardcoded API key and use environment variable; disclose all external network capabilities and billing integration in SKILL.md.

Attack Chain 3 steps

Escalation User installs skill believing it is a memory manager
SKILL.md:1
Escalation payment.py is imported, loading hardcoded API key into memory
payment.py:12
Impact HTTP requests sent to skillpay.me with API key in headers on every skill invocation
payment.py:51

Findings 3 items

Severity Finding Location
High
Hardcoded API Key in Source Code
BILLING_API_KEY is hardcoded directly in payment.py line 12. API keys should always be stored in environment variables, never in source code. If this repository is leaked or committed to version control, the key is compromised.
BILLING_API_KEY = "sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2"
→ Use os.environ.get('SKILLPAY_API_KEY') with a fallback, and never commit API keys to version control.
payment.py:12
High
Undeclared External Network Requests
The skill makes HTTP requests to skillpay.me for payment processing but this is not declared anywhere in SKILL.md. Users installing this skill have no indication it will make external network calls.
requests.post(f"{BILLING_API_URL}/api/v1/billing/charge", headers=HEADERS, json={...})
→ Document all network access in SKILL.md capabilities section.
payment.py:51
Medium
Doc-to-Code Mismatch
SKILL.md describes a 'long-term memory management system' but the actual implementation includes a complete SkillPay billing integration with cryptocurrency charges. This hidden functionality was not disclosed.
description: 长期记忆管理系统
→ SKILL.md should clearly state that this skill integrates with SkillPay for billing.
SKILL.md:1
Resource | Declared | Inferred | Status | Evidence
Filesystem | NONE | WRITE | ✓ Aligned | memory_store.py:39-40 creates directories
Network | NONE | READ | ✗ Violation | payment.py:51-58 makes HTTP POST to skillpay.me
Shell | NONE | NONE | | No shell execution found
1 High 2 findings
🔑
High API Key: suspected hardcoded credential
API_KEY = "sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2"
payment.py:12
🔗
Medium External URL
https://skillpay.me
payment.py:11

File Tree

8 files · 44.6 KB · 1397 lines
Python 4f · 1066L Markdown 2f · 301L JSON 1f · 19L Text 1f · 11L
├─ 📁 references
│ └─ 📝 memory-taxonomy.md Markdown 175L · 3.9 KB
├─ 📁 scripts
│ ├─ 🐍 memory_compressor.py Python 298L · 10.3 KB
│ ├─ 🐍 memory_search.py Python 319L · 11.5 KB
│ └─ 🐍 memory_store.py Python 307L · 10.0 KB
├─ 📋 _meta.json JSON 19L · 437 B
├─ 🐍 payment.py Python 142L · 5.2 KB
├─ 📄 requirements.txt Text 11L · 191 B
└─ 📝 SKILL.md Markdown 126L · 3.1 KB

Dependencies 2 items

Package | Version | Source | Known Vulns | Notes
python-dateutil | >=2.8.0 | pip | No | Version constraint present
requests | * | pip | No | Version not pinned - imported in payment.py for HTTP calls

Security Positives

✓ No malicious patterns detected (no base64/eval/reverse shell)
✓ No access to sensitive paths like ~/.ssh or ~/.aws
✓ No credential harvesting beyond the hardcoded billing key
✓ Memory storage is limited to specified workspace directory