中文 EN

扫描报告

扫描新文件

可信 — 风险评分 5/100
上次扫描:1 天前 重新扫描
5 /100
tiered-context-manager
多Agent协作的智能会话上下文管理系统。当需要管理AI agent的长会话压缩、多层记忆分层、跨Agent知识共享时激活。支持L1/L2/L3分层压缩、实时监控、统计分析。用于OpenClaw agent的上下文管理优化。
This is a legitimate multi-agent context management system with session compression, memory tiering, and cross-agent knowledge sharing capabilities. No malicious behavior detected.
技能名称tiered-context-manager
分析耗时48.5s
引擎pi
可以安装
This skill is safe to use. Consider documenting the filesystem:WRITE capability explicitly in SKILL.md for transparency.

安全发现 1 项

严重性 安全发现 位置
低危
Missing filesystem write declaration 文档欺骗
SKILL.md does not explicitly declare that the skill performs filesystem WRITE operations (session file modification, backup creation). This is functionally necessary but undocumented.
No 'filesystem' capability declared
→ Add 'filesystem:WRITE' to declared capabilities if this skill is to be fully transparent about its permissions
 SKILL.md:1
资源类型声明权限推断权限状态证据
文件系统 NONE WRITE ✓ 一致 SKILL.md: No declaration; tiered-engine.js reads/writes session files and create…
网络访问 NONE NONE No network requests found in codebase
命令执行 NONE NONE No subprocess or shell execution found
环境变量 NONE NONE No os.environ iteration or sensitive variable access

目录结构

14 文件 · 114.8 KB · 3957 行
JavaScript 9f · 3330L Python 2f · 383L Markdown 2f · 235L JSON 1f · 9L
├─ 📁 references
│ └─ 📝 architecture.md Markdown 136L · 3.9 KB
├─ 📁 scripts
│ ├─ 📜 compression_stats.js JavaScript 452L · 12.6 KB
│ ├─ 📜 cross_agent_context.js JavaScript 428L · 11.4 KB
│ ├─ 📜 index.js JavaScript 78L · 3.1 KB
│ ├─ 📜 l3_ai_compressor.js JavaScript 365L · 9.9 KB
│ ├─ 📜 memory_tiering.js JavaScript 422L · 10.7 KB
│ ├─ 📋 package.json JSON 9L · 193 B
│ ├─ 🐍 process_l3_tasks.py Python 193L · 5.4 KB
│ ├─ 📜 realtime_monitor.js JavaScript 466L · 12.3 KB
│ ├─ 🐍 save_shared_state.py Python 190L · 5.9 KB
│ ├─ 📜 tiered_standalone_v2.js JavaScript 212L · 8.6 KB
│ ├─ 📜 tiered_standalone.js JavaScript 405L · 13.4 KB
│ └─ 📜 tiered-engine.js JavaScript 502L · 15.3 KB
└─ 📝 SKILL.md Markdown 99L · 2.2 KB

依赖分析 3 项

包名版本来源已知漏洞备注
fs (Node.js built-in) bundled node Standard filesystem module, no external dependencies
path (Node.js built-in) bundled node Standard path module, no external dependencies
os (Node.js built-in) bundled node Standard OS module, no external dependencies

安全亮点

✓ No credential harvesting or API key theft detected
✓ No external network requests or C2 communication
✓ No base64 encoding, obfuscation, or eval() calls
✓ No curl|bash or wget|sh remote script execution
✓ Proper backup mechanism before file writes (safeWriteSession)
✓ Auto-rollback on write failures for data protection
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ No reverse shell, RCE, or data exfiltration patterns
✓ Clean codebase with no obfuscation techniques