Sulcus (openclaw-sulcus-skill) 安全扫描报告 — 低风险 | ClawSafe

20 /100

Sulcus (openclaw-sulcus-skill)

Reactive, thermodynamic memory management for AI agents with heat-based decay, semantic search, reactive triggers, and cross-agent sync

Sulcus is a legitimate thermodynamic memory management skill. No malicious code, shell execution, credential harvesting, or obfuscation present. Minor doc-to-meta mismatches and webhook trigger risk are the only concerns, both documented and user-controlled.

技能名称Sulcus (openclaw-sulcus-skill)

分析耗时48.8s

引擎pi

✓

可以安装

Approve for use. No action required. If concerned about webhook exfiltration, ensure users review active triggers via list_triggers before enabling trigger features.

安全发现 3 项

严重性	安全发现	位置
低危	Trigger event count mismatch between SKILL.md and _meta.json 文档欺骗 SKILL.md defines 6 trigger events (on_store, on_recall, on_decay, on_boost, on_relate, on_threshold) and 6 actions (notify, boost, pin, tag, deprecate, webhook), while _meta.json lists only 4 events (on_create, on_recall, on_decay, on_boost) and 4 actions (notify, boost, tag, deprecate). This is an informational discrepancy — SKILL.md is the authoritative user-facing doc. `SKILL.md line 52: 'on_store \| New memory created' vs _meta.json: 'on_create'` → Align _meta.json trigger events and actions with SKILL.md. Consider adding 'webhook' action to _meta.json.	`SKILL.md, _meta.json:52`
低危	Webhook trigger can POST memory content to arbitrary URLs 数据外泄 The webhook trigger action POSTs full memory content (including potentially sensitive stored information) to any user-configured URL. This is a theoretical exfiltration vector if a user creates a malicious trigger pointing to an attacker-controlled endpoint. `webhook \| HTTP callback to external URL` → This is documented with a ⚠️ warning. No action needed from a code standpoint. Users should be informed to only create webhooks pointing to URLs they control, and to audit triggers via list_triggers before enabling in production.	`SKILL.md:52`
提示	captureToolResults and captureLlmInsights are documented as capturing sensitive tool outputs 文档欺骗 When captureToolResults and captureLlmInsights are enabled (auto-capture), the plugin captures and transmits tool results and LLM decisions/preferences to the Sulcus server. While opt-in, this could include sensitive information depending on tool usage. `captureToolResults: Capture significant tool results as memories (default: false)` → This is already marked opt-in (default: false) and documented. Consider adding a note in the Security section about what types of tool results might be captured when enabled.	`SKILL.md:130`

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`NONE`	—	No file I/O operations found. This is a pure-document skill with no executable c…
网络访问	`READ`	`WRITE`	✓ 一致	SKILL.md declares network:READ via webhook triggers and API calls to api.sulcus.…
命令执行	`NONE`	`NONE`	—	No subprocess, exec, or shell command execution found in any file.
环境变量	`NONE`	`NONE`	—	No environment variable access observed.
技能调用	`NONE`	`NONE`	—	No skill-to-skill invocation patterns detected.
剪贴板	`NONE`	`NONE`	—	No clipboard access.
浏览器	`NONE`	`NONE`	—	No browser automation.
数据库	`NONE`	`NONE`	—	No direct database access. Remote server-side storage on api.sulcus.ca is docume…

15 项发现

🔗

中危外部 URL 外部 URL

https://clawhub.ai/mcdoolz/openclaw-sulcus-skill

SKILL.md:10

🔗

中危外部 URL 外部 URL

https://clawhub.ai/packages/mcdoolz/@digitalforgestudios/openclaw-sulcus

SKILL.md:10

🔗

中危外部 URL 外部 URL

https://www.npmjs.com/package/@digitalforgestudios/openclaw-sulcus

SKILL.md:10

🔗

中危外部 URL 外部 URL

https://sulcus.ca

SKILL.md:10

🔗

中危外部 URL 外部 URL

https://api.sulcus.ca

SKILL.md:260

🔗

中危外部 URL 外部 URL

https://api.sulcus.ca/api/v1/agent/nodes

references/api.md:22

🔗

中危外部 URL 外部 URL

https://api.sulcus.ca/api/v1/agent/search

references/api.md:35

🔗

中危外部 URL 外部 URL

https://api.sulcus.ca/api/v1/agent/nodes/UUID

references/api.md:44

🔗

中危外部 URL 外部 URL

https://api.sulcus.ca/mcp

references/mcp-setup.md:55

🔗

中危外部 URL 外部 URL

https://api.sulcus.ca/api/v1/settings/thermo

references/thermodynamics.md:73

🔗

中危外部 URL 外部 URL

https://api.sulcus.ca/api/v1/feedback

references/thermodynamics.md:123

🔗

中危外部 URL 外部 URL

https://api.sulcus.ca/api/v1/triggers

references/triggers.md:37

🔗

中危外部 URL 外部 URL

https://api.sulcus.ca/api/v1/triggers/TRIGGER_ID/history

references/triggers.md:89

🔗

中危外部 URL 外部 URL

https://api.sulcus.ca/api/v1/triggers/TRIGGER_ID

references/triggers.md:92

📧

提示邮箱邮箱地址

[email protected]

SKILL.md:4

目录结构

7 文件 · 37.3 KB · 1065 行

Markdown 6f · 939L JSON 1f · 126L

├─ ▾ 📁 references

│ ├─ 📝 api.md Markdown 110L · 3.4 KB

│ ├─ 📝 mcp-setup.md Markdown 63L · 1.6 KB

│ ├─ 📝 openclaw-setup.md Markdown 114L · 3.5 KB

│ ├─ 📝 thermodynamics.md Markdown 133L · 3.5 KB

│ └─ 📝 triggers.md Markdown 130L · 3.4 KB

├─ 📋 openclaw.plugin.json JSON 126L · 5.6 KB

└─ 📝 SKILL.md Markdown 389L · 16.3 KB

安全亮点

✓ No executable code — skill is pure documentation and config, eliminating most attack surface

✓ No shell execution, subprocess, or any form of code execution found

✓ No credential harvesting or environment variable scanning

✓ No obfuscation (base64, eval, atob) or anti-analysis techniques

✓ No downloads, no remote script execution (curl|bash, wget|sh)

✓ No sensitive file/path access (~/.ssh, ~/.aws, .env)

✓ autoRecall and autoCapture are disabled by default (explicit opt-in model)

✓ API key is user-provided and stored in user-controlled config, not hardcoded

✓ Strong documentation with security warnings for webhook triggers

✓ Self-hosted option (sulcus-local) available for fully offline operation

✓ Open source with verifiable GitHub repository

✓ Tenant isolation and server-side ACL for cross-namespace access