tiered-context-manager Security Report — Trusted | ClawSafe

5 /100

tiered-context-manager

多Agent协作的智能会话上下文管理系统。当需要管理AI agent的长会话压缩、多层记忆分层、跨Agent知识共享时激活。支持L1/L2/L3分层压缩、实时监控、统计分析。用于OpenClaw agent的上下文管理优化。

This is a legitimate multi-agent context management system with session compression, memory tiering, and cross-agent knowledge sharing capabilities. No malicious behavior detected.

Skill Nametiered-context-manager

Duration48.5s

Enginepi

✓

Safe to install

This skill is safe to use. Consider documenting the filesystem:WRITE capability explicitly in SKILL.md for transparency.

Findings 1 items

Severity	Finding	Location
Low	Missing filesystem write declaration Doc Mismatch SKILL.md does not explicitly declare that the skill performs filesystem WRITE operations (session file modification, backup creation). This is functionally necessary but undocumented. `No 'filesystem' capability declared` → Add 'filesystem:WRITE' to declared capabilities if this skill is to be fully transparent about its permissions	`SKILL.md:1`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`NONE`	`WRITE`	✓ Aligned	SKILL.md: No declaration; tiered-engine.js reads/writes session files and create…
Network	`NONE`	`NONE`	—	No network requests found in codebase
Shell	`NONE`	`NONE`	—	No subprocess or shell execution found
Environment	`NONE`	`NONE`	—	No os.environ iteration or sensitive variable access

File Tree

14 files · 114.8 KB · 3957 lines

JavaScript 9f · 3330L Python 2f · 383L Markdown 2f · 235L JSON 1f · 9L

├─ ▾ 📁 references

│ └─ 📝 architecture.md Markdown 136L · 3.9 KB

├─ ▾ 📁 scripts

│ ├─ 📜 compression_stats.js JavaScript 452L · 12.6 KB

│ ├─ 📜 cross_agent_context.js JavaScript 428L · 11.4 KB

│ ├─ 📜 index.js JavaScript 78L · 3.1 KB

│ ├─ 📜 l3_ai_compressor.js JavaScript 365L · 9.9 KB

│ ├─ 📜 memory_tiering.js JavaScript 422L · 10.7 KB

│ ├─ 📋 package.json JSON 9L · 193 B

│ ├─ 🐍 process_l3_tasks.py Python 193L · 5.4 KB

│ ├─ 📜 realtime_monitor.js JavaScript 466L · 12.3 KB

│ ├─ 🐍 save_shared_state.py Python 190L · 5.9 KB

│ ├─ 📜 tiered_standalone_v2.js JavaScript 212L · 8.6 KB

│ ├─ 📜 tiered_standalone.js JavaScript 405L · 13.4 KB

│ └─ 📜 tiered-engine.js JavaScript 502L · 15.3 KB

└─ 📝 SKILL.md Markdown 99L · 2.2 KB

Dependencies 3 items

Package	Version	Source	Known Vulns	Notes
`fs (Node.js built-in)`	`bundled`	node	No	Standard filesystem module, no external dependencies
`path (Node.js built-in)`	`bundled`	node	No	Standard path module, no external dependencies
`os (Node.js built-in)`	`bundled`	node	No	Standard OS module, no external dependencies

Security Positives

✓ No credential harvesting or API key theft detected

✓ No external network requests or C2 communication

✓ No base64 encoding, obfuscation, or eval() calls

✓ No curl|bash or wget|sh remote script execution

✓ Proper backup mechanism before file writes (safeWriteSession)

✓ Auto-rollback on write failures for data protection

✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)

✓ No reverse shell, RCE, or data exfiltration patterns

✓ Clean codebase with no obfuscation techniques

Scan Report

Findings 1 items

File Tree

Dependencies 3 items

Security Positives