Scan Report
5 /100
smart-agent-memory
Cross-platform AI agent long-term memory system with layered context, temperature model, skill experience memory, structured storage, and auto-archival
This is a legitimate cross-platform agent memory management system with clean architecture, zero external dependencies, and proper access controls confined to the designated memory workspace.
Safe to install
This skill is safe to use. No security concerns identified.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | WRITE | WRITE | ✓ Aligned | All file operations limited to memory workspace directory |
| Shell | NONE | NONE | — | execFileSync used only for optional qmd tool with safe argument passing |
File Tree
10 files · 115.1 KB · 3210 lines JavaScript 7f · 2357L
Markdown 2f · 836L
JSON 1f · 17L
├─
▾
lib
│ ├─
cn-optimize.js
JavaScript
│ ├─
extract.js
JavaScript
│ ├─
search.js
JavaScript
│ ├─
sqlite-store.js
JavaScript
│ ├─
store.js
JavaScript
│ └─
temperature.js
JavaScript
├─
▾
scripts
│ └─
memory-cli.js
JavaScript
├─
_meta.json
JSON
├─
README.md
Markdown
└─
SKILL.md
Markdown
Security Positives
✓ Zero external npm dependencies - uses only Node.js native modules (fs, path, os, node:sqlite)
✓ All file operations confined to designated ~/.openclaw/workspace/memory workspace
✓ No sensitive path access (~/.ssh, ~/.aws, .env files)
✓ No credential harvesting or environment variable enumeration
✓ No network requests or external data exfiltration
✓ No base64 encoding, eval(), or obfuscation techniques
✓ Command injection mitigated - execFileSync uses safe argument arrays not shell strings
✓ Graceful degradation when optional tools (qmd) unavailable
✓ Clear documentation matching implementation - no hidden functionality