中文 EN

扫描报告

扫描新文件

可信 — 风险评分 5/100
上次扫描:19 小时前 重新扫描
5 /100
neural-memory
Neural network-inspired memory system with activation spreading and associative retrieval for AI agents
This is a legitimate neural memory/knowledge graph system. All capabilities (filesystem WRITE, network READ for LLM APIs, environment READ for API keys) are properly declared and fully accounted for in the code. No hidden behavior, credential exfiltration, or suspicious patterns detected.
技能名称neural-memory
分析耗时55.6s
引擎pi
可以安装
Approve for use. The skill's behavior is entirely consistent with its documentation. LLM API calls are intentional for semantic analysis. Credential access is limited to reading env vars for the user's own configured API key.
资源类型声明权限推断权限状态证据
文件系统 WRITE WRITE ✓ 一致 All file I/O operations in setup.py, manager.py, lazy_manager.py, neuron_builder…
网络访问 READ READ ✓ 一致 intent_layer.py:68-107 calls OpenRouter API for concept extraction; semantic_eng…
环境变量 READ READ ✓ 一致 NEURAL_MEMORY_LLM_API_KEY, OPENROUTER_API_KEY, OPENAI_API_KEY read only; credent…
命令执行 NONE NONE No subprocess, os.system, or shell execution calls found in any file
技能调用 NONE NONE adapter.py imports openclaw.memory only for integration compatibility, no recurs…
剪贴板 NONE NONE No clipboard access found
浏览器 NONE NONE No browser automation found
数据库 NONE NONE No SQL or database operations found; storage is JSON files only
1 项发现
🔗
中危 外部 URL 外部 URL
https://openrouter.ai/api/v1
SKILL.md:96

目录结构

23 文件 · 161.8 KB · 4516 行
Python 17f · 3188L Markdown 5f · 1244L YAML 1f · 84L
├─ 📁 references
│ ├─ 📝 api.md Markdown 369L · 10.4 KB
│ └─ 📝 architecture.md Markdown 303L · 11.9 KB
├─ 📁 scripts
│ ├─ 📁 thinking
│ │ ├─ 📁 core
│ │ │ ├─ 📁 intent
│ │ │ │ ├─ 🐍 __init__.py Python 12L · 341 B
│ │ │ │ ├─ 🐍 intent_layer.py Python 367L · 14.4 KB
│ │ │ │ ├─ 🐍 related_neuron.py Python 25L · 831 B
│ │ │ │ └─ 🐍 semantic_engine.py Python 292L · 10.7 KB
│ │ │ ├─ 🐍 __init__.py Python 22L · 565 B
│ │ │ ├─ 🐍 engine.py Python 153L · 6.0 KB
│ │ │ ├─ 🐍 models.py Python 136L · 4.3 KB
│ │ │ ├─ 🐍 neuron_builder.py Python 224L · 8.2 KB
│ │ │ └─ 🐍 synapse_manager.py Python 283L · 11.9 KB
│ │ ├─ 📁 storage
│ │ │ ├─ 🐍 lazy_manager.py Python 378L · 14.6 KB
│ │ │ └─ 🐍 manager.py Python 330L · 13.5 KB
│ │ ├─ 🐍 __init__.py Python 96L · 3.6 KB
│ │ ├─ 🐍 adapter.py Python 172L · 6.0 KB
│ │ ├─ 📋 config.yaml YAML 84L · 2.4 KB
│ │ ├─ 📝 ENHANCED_GUIDE.md Markdown 119L · 3.5 KB
│ │ ├─ 🐍 enhanced_init.py Python 305L · 13.3 KB
│ │ ├─ 🐍 init.py Python 71L · 2.6 KB
│ │ ├─ 🐍 quick_init.py Python 53L · 2.0 KB
│ │ └─ 📝 README.md Markdown 260L · 7.1 KB
│ └─ 🐍 setup.py Python 269L · 8.9 KB
└─ 📝 SKILL.md Markdown 193L · 4.8 KB

依赖分析 4 项

包名版本来源已知漏洞备注
openai * pip Optional; only used if HAS_OPENAI=True and API key configured
requests * pip Optional; present in try/except, degrades gracefully
pyyaml * pip Optional; fallback to JSON if not available
numpy * pip Used only for cosine similarity math on local embeddings

安全亮点

✓ No shell execution (subprocess, os.system, popen) anywhere in codebase
✓ No credential harvesting - API key access is read-only and only reads the user's own configured key
✓ No base64, eval, or exec calls found
✓ No curl|bash or wget|sh remote script execution
✓ No access to ~/.ssh, ~/.aws, or other sensitive credential paths
✓ No hidden HTML comments or steganographic payloads
✓ No C2 communication or data exfiltration patterns
✓ Network calls are exclusively to user's own configured LLM provider (OpenRouter) for semantic analysis - fully documented
✓ No supply chain risks - uses only standard libraries (openai, requests) with proper error handling
✓ No obfuscation techniques detected
✓ Memory storage is entirely local under ~/.openclaw/neural-memory/
✓ No cron/scheduled tasks or persistence mechanisms beyond local file storage
✓ No prompt injection vectors found in user-facing code