中文 EN

Scan Report

Scan New Files

Low Risk — Risk Score 20/100
Last scan:20 hr ago Rescan
20 /100
Sulcus (openclaw-sulcus-skill)
Reactive, thermodynamic memory management for AI agents with heat-based decay, semantic search, reactive triggers, and cross-agent sync
Sulcus is a legitimate thermodynamic memory management skill. No malicious code, shell execution, credential harvesting, or obfuscation present. Minor doc-to-meta mismatches and webhook trigger risk are the only concerns, both documented and user-controlled.
Skill NameSulcus (openclaw-sulcus-skill)
Duration48.8s
Enginepi
Safe to install
Approve for use. No action required. If concerned about webhook exfiltration, ensure users review active triggers via list_triggers before enabling trigger features.

Findings 3 items

Severity Finding Location
Low
Trigger event count mismatch between SKILL.md and _meta.json Doc Mismatch
SKILL.md defines 6 trigger events (on_store, on_recall, on_decay, on_boost, on_relate, on_threshold) and 6 actions (notify, boost, pin, tag, deprecate, webhook), while _meta.json lists only 4 events (on_create, on_recall, on_decay, on_boost) and 4 actions (notify, boost, tag, deprecate). This is an informational discrepancy — SKILL.md is the authoritative user-facing doc.
SKILL.md line 52: 'on_store | New memory created' vs _meta.json: 'on_create'
→ Align _meta.json trigger events and actions with SKILL.md. Consider adding 'webhook' action to _meta.json.
 SKILL.md, _meta.json:52
Low
Webhook trigger can POST memory content to arbitrary URLs Data Exfil
The webhook trigger action POSTs full memory content (including potentially sensitive stored information) to any user-configured URL. This is a theoretical exfiltration vector if a user creates a malicious trigger pointing to an attacker-controlled endpoint.
webhook | HTTP callback to external URL
→ This is documented with a ⚠️ warning. No action needed from a code standpoint. Users should be informed to only create webhooks pointing to URLs they control, and to audit triggers via list_triggers before enabling in production.
 SKILL.md:52
Info
captureToolResults and captureLlmInsights are documented as capturing sensitive tool outputs Doc Mismatch
When captureToolResults and captureLlmInsights are enabled (auto-capture), the plugin captures and transmits tool results and LLM decisions/preferences to the Sulcus server. While opt-in, this could include sensitive information depending on tool usage.
captureToolResults: Capture significant tool results as memories (default: false)
→ This is already marked opt-in (default: false) and documented. Consider adding a note in the Security section about what types of tool results might be captured when enabled.
 SKILL.md:130
ResourceDeclaredInferredStatusEvidence
Filesystem NONE NONE No file I/O operations found. This is a pure-document skill with no executable c…
Network READ WRITE ✓ Aligned SKILL.md declares network:READ via webhook triggers and API calls to api.sulcus.…
Shell NONE NONE No subprocess, exec, or shell command execution found in any file.
Environment NONE NONE No environment variable access observed.
Skill Invoke NONE NONE No skill-to-skill invocation patterns detected.
Clipboard NONE NONE No clipboard access.
Browser NONE NONE No browser automation.
Database NONE NONE No direct database access. Remote server-side storage on api.sulcus.ca is docume…
15 findings
🔗
Medium External URL 外部 URL
https://clawhub.ai/mcdoolz/openclaw-sulcus-skill
SKILL.md:10
🔗
Medium External URL 外部 URL
https://clawhub.ai/packages/mcdoolz/@digitalforgestudios/openclaw-sulcus
SKILL.md:10
🔗
Medium External URL 外部 URL
https://www.npmjs.com/package/@digitalforgestudios/openclaw-sulcus
SKILL.md:10
🔗
Medium External URL 外部 URL
https://sulcus.ca
SKILL.md:10
🔗
Medium External URL 外部 URL
https://api.sulcus.ca
SKILL.md:260
🔗
Medium External URL 外部 URL
https://api.sulcus.ca/api/v1/agent/nodes
references/api.md:22
🔗
Medium External URL 外部 URL
https://api.sulcus.ca/api/v1/agent/search
references/api.md:35
🔗
Medium External URL 外部 URL
https://api.sulcus.ca/api/v1/agent/nodes/UUID
references/api.md:44
🔗
Medium External URL 外部 URL
https://api.sulcus.ca/mcp
references/mcp-setup.md:55
🔗
Medium External URL 外部 URL
https://api.sulcus.ca/api/v1/settings/thermo
references/thermodynamics.md:73
🔗
Medium External URL 外部 URL
https://api.sulcus.ca/api/v1/feedback
references/thermodynamics.md:123
🔗
Medium External URL 外部 URL
https://api.sulcus.ca/api/v1/triggers
references/triggers.md:37
🔗
Medium External URL 外部 URL
https://api.sulcus.ca/api/v1/triggers/TRIGGER_ID/history
references/triggers.md:89
🔗
Medium External URL 外部 URL
https://api.sulcus.ca/api/v1/triggers/TRIGGER_ID
references/triggers.md:92
📧
Info Email 邮箱地址
[email protected]
SKILL.md:4

File Tree

7 files · 37.3 KB · 1065 lines
Markdown 6f · 939L JSON 1f · 126L
├─ 📁 references
│ ├─ 📝 api.md Markdown 110L · 3.4 KB
│ ├─ 📝 mcp-setup.md Markdown 63L · 1.6 KB
│ ├─ 📝 openclaw-setup.md Markdown 114L · 3.5 KB
│ ├─ 📝 thermodynamics.md Markdown 133L · 3.5 KB
│ └─ 📝 triggers.md Markdown 130L · 3.4 KB
├─ 📋 openclaw.plugin.json JSON 126L · 5.6 KB
└─ 📝 SKILL.md Markdown 389L · 16.3 KB

Security Positives

✓ No executable code — skill is pure documentation and config, eliminating most attack surface
✓ No shell execution, subprocess, or any form of code execution found
✓ No credential harvesting or environment variable scanning
✓ No obfuscation (base64, eval, atob) or anti-analysis techniques
✓ No downloads, no remote script execution (curl|bash, wget|sh)
✓ No sensitive file/path access (~/.ssh, ~/.aws, .env)
✓ autoRecall and autoCapture are disabled by default (explicit opt-in model)
✓ API key is user-provided and stored in user-controlled config, not hardcoded
✓ Strong documentation with security warnings for webhook triggers
✓ Self-hosted option (sulcus-local) available for fully offline operation
✓ Open source with verifiable GitHub repository
✓ Tenant isolation and server-side ACL for cross-namespace access