Suspicious (risk score 50/100)
Last scanned: 2 days ago
memory-compactor
Memory compaction - automatically organizes and compresses long-term memory
Skill declares memory file manipulation and scheduled execution but provides no implementation code to audit, creating a doc-to-code verification gap.
Skill name: memory-compactor
Analysis time: 44.5s
Engine: pi
Use with caution
Request implementation scripts before approval. Without code, cannot verify the skill performs only declared memory compression without accessing or exfiltrating sensitive memory contents.

Attack chain: 4 steps

Entry: User installs skill trusting SKILL.md description
SKILL.md:1
Privilege escalation: AI agent invokes skill to compress memory files
SKILL.md:12
Privilege escalation: Skill accesses memory files containing potential sensitive data
SKILL.md:15
Impact: Without code audit, actual behavior unverifiable - could exfiltrate or modify beyond declared scope
SKILL.md:22

Security findings: 3

Severity | Finding | Location
Medium
Documentation-only skill with unverifiable behavior [Documentation deception]
The skill describes filesystem operations (compress, clean, write) on memory files but provides zero implementation code. Cannot verify if declared behavior matches actual execution.
Function: periodically organize memory files, compress redundant content, clean up expired information
→ Require submission of implementation scripts (Python/Bash) that can be audited for actual file operations, network access, and data handling.
SKILL.md:1
Medium
Undeclared scheduled execution mechanism [Privilege escalation]
SKILL.md states 'Scheduled task runs automatically: every Sunday at 22:00' but does not explain how scheduled execution is implemented. Could involve cron jobs, systemd timers, or hidden agent hooks.
Scheduled trigger: every Sunday at 22:00
→ Specify the exact mechanism for scheduled execution. If using cron, declare it in documentation.
SKILL.md:22
Low
Memory file access without visibility into data handling [Sensitive access]
Skill operates on memory files that may contain sensitive user data, preferences, or potentially credentials. No code to verify data remains local and is not exfiltrated.
L1 diary (memory/YYYY-MM-DD.md)
→ Add explicit statement that memory contents are processed locally only and not transmitted externally.
SKILL.md:12
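Resource type | Declared permission | Inferred permission | Status | Evidence
Filesystem | NONE | WRITE | ✗ Exceeds declared permission | SKILL.md describes '压缩冗余内容,清理过期信息' (compress redundant content, clean expired in…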

Directory structure

1 file · 1.1 KB · 48 lines
Markdown 1f · 48L
└─ 📝 SKILL.md Markdown 48L · 1.1 KB

Security highlights

✓ No network requests described in documentation
✓ No credential harvesting mentioned
✓ No base64, eval, or obfuscation patterns visible in docs
✓ Core concept (memory compression) is functionally legitimate