Skill Trust Decision

long-term-memory

Name: long-term-memory Trust Review Report
Item: long-term-memory
Rating: 45
Author: ClawSafe

Hardcoded API credential in payment.py poses critical credential theft risk; documentation references non-existent tools.

Install decision first Source: Manual upload Scanned: Apr 4, 2026

Files 8

Artifacts 2

Violations 0

Findings 3

Most direct threat evidence

High Credential Theft

Hardcoded API Key in Source Code

The billing API key is hardcoded directly in payment.py line 12. This exposes a sensitive credential that could be extracted by anyone with read access to the source code.

payment.py:12

Why this conclusion was reached

2/4 dimensions flagged

Pass

Declared vs actual capability

Declared resources and inferred behavior are broadly aligned.

Block

Hidden execution and egress

1 high-risk artifacts or egress signals were extracted.

Block

Attack chain and severe findings

The report includes 0 attack-chain steps and 1 severe findings.

Pass

Dependencies and supply chain hygiene

Dependencies are present but no obvious high-risk issue stands out.

What drove the risk score up

Hardcoded API key in source code +35

API key 'sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2' exposed in payment.py:12

Documentation mismatch +15

SKILL.md references memory_organizer.py and memory_sync.py which don't exist

Hardcoded base directory +5

/root/.openclaw/workspace hardcoded across all scripts

Most important evidence

High Credential Theft

Hardcoded API Key in Source Code

The billing API key is hardcoded directly in payment.py line 12. This exposes a sensitive credential that could be extracted by anyone with read access to the source code.

payment.py:12

Use environment variable SKILLPAY_API_KEY instead. Store secrets outside the codebase.

Medium Doc Mismatch

Documentation References Non-Existent Scripts

SKILL.md lists 'memory_organizer.py' and 'memory_sync.py' as available tools, but these files do not exist in the scripts/ directory.

SKILL.md:56

Remove references to non-existent tools from documentation or implement the missing functionality.

Low Sensitive Access

Hardcoded Base Directory Path

All scripts hardcode '/root/.openclaw/workspace' as the base directory. This limits portability and may indicate assumptions about the runtime environment.

scripts/memory_store.py:22

Use environment variable or configuration file for base directory. Consider supporting user-specified paths.

Declared capability vs actual capability

Filesystem Pass

Declared READ

→

Inferred WRITE

memory_store.py creates and writes memory files

Network Pass

Declared READ

→

Inferred READ

payment.py makes HTTP requests to skillpay.me

Shell Pass

Declared NONE

→

Inferred NONE

No subprocess or shell execution found

Environment Pass

Declared READ

→

Inferred READ

payment.py reads SKILLPAY_USER_ID env var

Skill Invoke Pass

Declared NONE

→

Inferred NONE

No skill invocation detected

Clipboard Pass

Declared NONE

→

Inferred NONE

No clipboard access found

Browser Pass

Declared NONE

→

Inferred NONE

No browser automation found

Database Pass

Declared NONE

→

Inferred NONE

No database access found

Suspicious artifacts and egress

High API Key

API_KEY = "sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2"

payment.py:12

Medium External URL

https://skillpay.me

payment.py:11

Dependencies and supply chain

Package	Version	Source	Known vuln	Notes
python-dateutil	`>=2.8.0`	pip	No	Minimum version specified

File composition

8 files · 1397 lines

Python 4 files · 1066 linesMarkdown 2 files · 301 linesJSON 1 files · 19 linesText 1 files · 11 lines

Files of concern · 3

scripts/memory_store.py Python · 307 lines

Hardcoded Base Directory Path

payment.py Python · 142 lines

Hardcoded API Key in Source Code · API_KEY = "sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2" · https://skillpay.me

SKILL.md Markdown · 126 lines

Documentation References Non-Existent Scripts

Other files · memory_search.py · memory_compressor.py · memory-taxonomy.md · _meta.json · requirements.txt

Security positives

No subprocess or shell execution detected - no arbitrary code execution risk

No credential harvesting from environment variables for exfiltration

No base64-encoded or obfuscated code found

Dependencies have version constraints (python-dateutil>=2.8.0)

No attempts to access ~/.ssh, ~/.aws, or other sensitive credential paths

No reverse shell, C2, or data theft patterns detected

No hidden functionality beyond the declared memory management features