中文 EN

Scan Report

Scan New Files

Suspicious — Risk Score 50/100
Last scan:2 days ago Rescan
50 /100
memory-compactor
记忆压缩整理 - 自动整理和压缩长期记忆
Skill declares memory file manipulation and scheduled execution but provides no implementation code to audit, creating a doc-to-code verification gap.
Skill Namememory-compactor
Duration44.5s
Enginepi
Use with caution
Request implementation scripts before approval. Without code, cannot verify the skill performs only declared memory compression without accessing or exfiltrating sensitive memory contents.

Attack Chain 4 steps

Entry User installs skill trusting SKILL.md description
SKILL.md:1
Escalation AI agent invokes skill to compress memory files
SKILL.md:12
Escalation Skill accesses memory files containing potential sensitive data
SKILL.md:15
Impact Without code audit, actual behavior unverifiable - could exfiltrate or modify beyond declared scope
SKILL.md:22

Findings 3 items

Severity Finding Location
Medium
Documentation-only skill with unverifiable behavior Doc Mismatch
The skill describes filesystem operations (compress, clean, write) on memory files but provides zero implementation code. Cannot verify if declared behavior matches actual execution.
功能: 定期整理记忆文件,压缩冗余内容,清理过期信息
→ Require submission of implementation scripts (Python/Bash) that can be audited for actual file operations, network access, and data handling.
 SKILL.md:1
Medium
Undeclared scheduled execution mechanism Priv Escalation
SKILL.md states '定时任务自动执行: 每周日22:00' but does not explain how scheduled execution is implemented. Could involve cron jobs, systemd timers, or hidden agent hooks.
定时触发: 每周日22:00
→ Specify the exact mechanism for scheduled execution. If using cron, declare it in documentation.
 SKILL.md:22
Low
Memory file access without visibility into data handling Sensitive Access
Skill operates on memory files that may contain sensitive user data, preferences, or potentially credentials. No code to verify data remains local and is not exfiltrated.
L1 日记 (memory/YYYY-MM-DD.md)
→ Add explicit statement that memory contents are processed locally only and not transmitted externally.
 SKILL.md:12
ResourceDeclaredInferredStatusEvidence
Filesystem NONE WRITE ✗ Violation SKILL.md describes '压缩冗余内容,清理过期信息' (compress redundant content, clean expired in…

File Tree

1 files · 1.1 KB · 48 lines
Markdown 1f · 48L
└─ 📝 SKILL.md Markdown 48L · 1.1 KB

Security Positives

✓ No network requests described in documentation
✓ No credential harvesting mentioned
✓ No base64, eval, or obfuscation patterns visible in docs
✓ Core concept (memory compression) is functionally legitimate