smart-agent-memory 安全扫描报告 — 可信 | ClawSafe

5 /100

smart-agent-memory

Cross-platform AI agent long-term memory system with layered context, temperature model, skill experience memory, structured storage, and auto-archival

This is a legitimate cross-platform agent memory management system with clean architecture, zero external dependencies, and proper access controls confined to the designated memory workspace.

技能名称smart-agent-memory

分析耗时32.0s

引擎pi

✓

可以安装

This skill is safe to use. No security concerns identified.

资源类型	声明权限	推断权限	状态	证据
文件系统	`WRITE`	`WRITE`	✓ 一致	All file operations limited to memory workspace directory
命令执行	`NONE`	`NONE`	—	execFileSync used only for optional qmd tool with safe argument passing

目录结构

10 文件 · 115.1 KB · 3210 行

JavaScript 7f · 2357L Markdown 2f · 836L JSON 1f · 17L

├─ ▾ 📁 lib

│ ├─ 📜 cn-optimize.js JavaScript 292L · 7.8 KB

│ ├─ 📜 extract.js JavaScript 61L · 1.3 KB

│ ├─ 📜 search.js JavaScript 104L · 3.3 KB

│ ├─ 📜 sqlite-store.js JavaScript 592L · 23.9 KB

│ ├─ 📜 store.js JavaScript 585L · 21.2 KB

│ └─ 📜 temperature.js JavaScript 90L · 2.3 KB

├─ ▾ 📁 scripts

│ └─ 📜 memory-cli.js JavaScript 633L · 25.8 KB

├─ 📋 _meta.json JSON 17L · 469 B

├─ 📝 README.md Markdown 608L · 20.9 KB

└─ 📝 SKILL.md Markdown 228L · 8.2 KB

安全亮点

✓ Zero external npm dependencies - uses only Node.js native modules (fs, path, os, node:sqlite)

✓ All file operations confined to designated ~/.openclaw/workspace/memory workspace

✓ No sensitive path access (~/.ssh, ~/.aws, .env files)

✓ No credential harvesting or environment variable enumeration

✓ No network requests or external data exfiltration

✓ No base64 encoding, eval(), or obfuscation techniques

✓ Command injection mitigated - execFileSync uses safe argument arrays not shell strings

✓ Graceful degradation when optional tools (qmd) unavailable

✓ Clear documentation matching implementation - no hidden functionality