Scan Report
5 /100
neural-memory
Neural network-inspired memory system with activation spreading and associative retrieval for AI agents
This is a legitimate neural memory/knowledge graph system. All capabilities (filesystem WRITE, network READ for LLM APIs, environment READ for API keys) are properly declared and fully accounted for in the code. No hidden behavior, credential exfiltration, or suspicious patterns detected.
Safe to install
Approve for use. The skill's behavior is entirely consistent with its documentation. LLM API calls are intentional for semantic analysis. Credential access is limited to reading env vars for the user's own configured API key.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | WRITE | WRITE | ✓ Aligned | All file I/O operations in setup.py, manager.py, lazy_manager.py, neuron_builder… |
| Network | READ | READ | ✓ Aligned | intent_layer.py:68-107 calls OpenRouter API for concept extraction; semantic_eng… |
| Environment | READ | READ | ✓ Aligned | NEURAL_MEMORY_LLM_API_KEY, OPENROUTER_API_KEY, OPENAI_API_KEY read only; credent… |
| Shell | NONE | NONE | — | No subprocess, os.system, or shell execution calls found in any file |
| Skill Invoke | NONE | NONE | — | adapter.py imports openclaw.memory only for integration compatibility, no recurs… |
| Clipboard | NONE | NONE | — | No clipboard access found |
| Browser | NONE | NONE | — | No browser automation found |
| Database | NONE | NONE | — | No SQL or database operations found; storage is JSON files only |
1 finding
Medium External URL
https://openrouter.ai/api/v1 SKILL.md:96
File Tree
23 files · 161.8 KB · 4516 lines
Python 17f · 3188L
Markdown 5f · 1244L
YAML 1f · 84L
├─ references
│  ├─ api.md
│  └─ architecture.md
├─ scripts
│  ├─ thinking
│  │  ├─ core
│  │  │  ├─ intent
│  │  │  │  ├─ __init__.py
│  │  │  │  ├─ intent_layer.py
│  │  │  │  ├─ related_neuron.py
│  │  │  │  └─ semantic_engine.py
│  │  │  ├─ __init__.py
│  │  │  ├─ engine.py
│  │  │  ├─ models.py
│  │  │  ├─ neuron_builder.py
│  │  │  └─ synapse_manager.py
│  │  ├─ storage
│  │  │  ├─ lazy_manager.py
│  │  │  └─ manager.py
│  │  ├─ __init__.py
│  │  ├─ adapter.py
│  │  ├─ config.yaml
│  │  ├─ ENHANCED_GUIDE.md
│  │  ├─ enhanced_init.py
│  │  ├─ init.py
│  │  ├─ quick_init.py
│  │  └─ README.md
│  └─ setup.py
└─ SKILL.md
Dependencies 4 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| openai | * | pip | No | Optional; only used if HAS_OPENAI=True and API key configured |
| requests | * | pip | No | Optional; present in try/except, degrades gracefully |
| pyyaml | * | pip | No | Optional; fallback to JSON if not available |
| numpy | * | pip | No | Used only for cosine similarity math on local embeddings |
Security Positives
✓ No shell execution (subprocess, os.system, popen) anywhere in codebase
✓ No credential harvesting - API key access is read-only and only reads the user's own configured key
✓ No base64, eval, or exec calls found
✓ No curl|bash or wget|sh remote script execution
✓ No access to ~/.ssh, ~/.aws, or other sensitive credential paths
✓ No hidden HTML comments or steganographic payloads
✓ No C2 communication or data exfiltration patterns
✓ Network calls are exclusively to user's own configured LLM provider (OpenRouter) for semantic analysis - fully documented
✓ No supply chain risks - uses only standard libraries (openai, requests) with proper error handling
✓ No obfuscation techniques detected
✓ Memory storage is entirely local under ~/.openclaw/neural-memory/
✓ No cron/scheduled tasks or persistence mechanisms beyond local file storage
✓ No prompt injection vectors found in user-facing code