Low risk: risk score 20/100
Last scan: 2 days ago
memory-keep-alive-for-obsidian
Automatic task memory and keep-alive loop for Obsidian-backed agents. Every task gets persistent notes. Arm the loop for long tasks, disarm when done.
The skill is a task-memory and keep-alive loop for Obsidian vaults. Shell access is used for cron job management (legitimate and documented), filesystem scope is constrained to the vault directory, and no sensitive data access, network exfiltration, or obfuscation was found. The `rm -rf ~` reference is uninstall documentation only, not live code.
Skill name: memory-keep-alive-for-obsidian
Analysis time: 47.0s
Engine: pi
Verdict: safe to install
No immediate action required. Consider narrowing the install script's filesystem scope to avoid broad `rm -rf` documentation in user-facing guides.

Security findings: 3

Severity | Finding | Location

Finding 1 (Low): Shell usage in install script not declared in SKILL.md
install.sh uses `grep` and direct file writes to jobs.json when the OpenClaw CLI is unavailable. SKILL.md only describes the skill behavior and does not document the installation mechanism or shell-level operations. This is a minor documentation gap — the shell usage is for legitimate cron job setup and has no direct security impact on the running skill.
Evidence: if openclaw cron list 2>/dev/null | grep -q "$name"; then
→ Document that the install script may invoke shell commands (grep, openclaw CLI) for cron job registration. Alternatively, move install.sh out of the skill directory or mark it as a separate deployment artifact.
Location: install.sh:61

Finding 2 (Low): Broad `rm -rf` in uninstall documentation
INSTALL.md line 108 documents `rm -rf ~/.openclaw/skills/memory-keep-alive-for-obsidian` as the uninstall step. This is documentation text, not executable code, but the pattern is potentially dangerous if a user misreads or miscopies it. The `rm -rf ~` IOC in the pre-scan appears to be a false positive generated from this documentation line rather than actual malicious code.
Evidence: rm -rf ~/.openclaw/skills/memory-keep-alive-for-obsidian
→ Consider using a safer uninstall pattern in documentation (e.g., `rm -r "$HOME/.openclaw/skills/memory-keep-alive-for-obsidian"`) or explicitly disclaim the danger of copy-pasting this command.
Location: INSTALL.md:108

Finding 3 (Low): Inline Python for jobs.json modification
install.sh uses a Python heredoc to read and modify jobs.json when the OpenClaw CLI is unavailable. This touches a shared OpenClaw config file and could theoretically conflict with concurrent modifications. The Python code uses secrets.token_hex(6) for job IDs, which is cryptographically reasonable.
Evidence: python3 - "$JOBS_FILE" "$NOW" <<'PYEOF'
→ Add file locking or atomic write behavior to the jobs.json modification. Use `json.load`/`json.dump` with an atomic rename for safe concurrent writes.
Location: install.sh:149
Resource type         | Declared permission | Inferred permission | Status       | Evidence
Filesystem            | READ+WRITE          | READ+WRITE          | ✓ Consistent | SKILL.md: 'Task Memory' section declares filesystem writes to <vault>/Tasks/
Command execution     | NONE                | WRITE               | ✓ Consistent | install.sh:61 — openclaw cron list | grep -q; install.sh:149-161 — writes jobs.j…
Network access        | NONE                | NONE                |              | No network calls found in any file
Environment variables | NONE                | NONE                |              | Only reads OPENCLAW_DIR and VAULT_PATH environment variables, no credential harv…
Skill invocation      | NONE                | NONE                |              | Cron jobs reference 'memory-keep-alive-for-obsidian' as skill name only
Clipboard             | NONE                | NONE                |              | No clipboard access found
Browser               | NONE                | NONE                |              | No browser access found
Database              | NONE                | NONE                |              | No database access found
Critical: 1 finding
Severity: Critical | Category: Dangerous command | Dangerous shell command
Evidence: rm -rf ~
Location: INSTALL.md:108

Directory structure

12 files · 31.1 KB · 862 lines
Markdown: 11 files · 651 lines; Shell: 1 file · 211 lines
├─ 📁 examples
│ └─ 📝 WORKFLOW-INDEX.md Markdown 17L · 280 B
├─ 📁 prompts
│ ├─ 📝 escalator-prompt.md Markdown 42L · 2.1 KB
│ ├─ 📝 replayer-prompt.md Markdown 39L · 1.9 KB
│ ├─ 📝 smoke-test-prompt.md Markdown 32L · 1.5 KB
│ ├─ 📝 validator-prompt.md Markdown 23L · 1.5 KB
│ └─ 📝 watchdog-prompt.md Markdown 75L · 2.8 KB
├─ 📁 templates
│ ├─ 📝 LOOP-STATE.md Markdown 10L · 248 B
│ └─ 📝 TEMPLATE.md Markdown 58L · 1.2 KB
├─ 📝 INSTALL.md Markdown 117L · 4.8 KB
├─ 🔧 install.sh Shell 211L · 6.4 KB
├─ 📝 README.md Markdown 100L · 3.4 KB
└─ 📝 SKILL.md Markdown 138L · 5.0 KB

Security highlights

✓ No credential harvesting or environment variable enumeration found
✓ No network requests, no external IP communication, no data exfiltration
✓ No base64, eval, or obfuscated code detected
✓ No access to ~/.ssh, ~/.aws, .env, or other sensitive paths
✓ No curl|bash or wget|sh remote script execution patterns
✓ All file operations are scoped to the user-provided vault path and OpenClaw config directory
✓ Vault scope is explicitly enforced in all prompt files (watchdog, replayer, escalator, validator)
✓ Cron job prompts all include a loop gate that stops execution when the loop is disarmed
✓ No reverse shell, C2, or data theft indicators found
✓ Skill behavior is well-documented in SKILL.md and README.md with no hidden capabilities