Low risk (risk score 15/100)
Last scanned: 2 days ago
hermes-learning-loop
Self-improving learning loop inspired by Hermes Agent. Automatically extracts successful workflows, creates skills, and persists knowledge across sessions.
A legitimate self-improving learning loop skill that writes skills and memories to local directories. No malicious behavior detected.
Skill name: hermes-learning-loop
Analysis time: 38.9s
Engine: pi
OK to install
This skill is safe to use. No security concerns warrant blocking. Consider adding package.json with "type": "module" for proper ES module support.

Security findings: 2

Severity Finding Location
Low
Missing package.json configuration
The script uses ES module syntax (import statements) but there's no package.json with '"type": "module"' declaration. This may cause execution failures in Node.js.
import { readFile, writeFile, mkdir, readdir, stat, appendFile } from 'fs/promises'
→ Add package.json with { "type": "module" } for proper ES module support
scripts/learning-loop.js:1
Info
SQLite/FTS5 mentioned but not implemented
SKILL.md documents SQLite FTS5 for session search, but the actual code only uses JSON files and markdown. The implementation is simpler than documentation suggests.
FTS5 Session Search — SQLite-powered historical context retrieval
→ Either implement SQLite FTS5 or remove from documentation
SKILL.md:31
| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| File system | WRITE | WRITE | ✓ Consistent | learning-loop.js:8-14 uses fs/promises (readFile, writeFile, mkdir, appendFile) |
| Network access | NONE | NONE | | No network modules imported or used |
| Command execution | NONE | NONE | | No child_process, exec, spawn, or shell command execution |
| Environment variables | READ | READ | ✓ Consistent | learning-loop.js:16-23 reads OPENCLAW_WORKSPACE, LEARNING_* env vars |
| Skill invocation | WRITE | WRITE | ✓ Consistent | Creates SKILL.md files in ~/.openclaw/skills/<category>/<name>/ |
| Clipboard | NONE | NONE | | No clipboard access |
| Browser | NONE | NONE | | No browser automation |
| Database | NONE | NONE | | Mentions SQLite FTS5 in docs but no actual database implementation in code |
3 findings
Medium External URL
https://hermes-agent.nousresearch.com/
README.md:213
Medium External URL
https://agentskills.io/specification
README.md:214
Medium External URL
https://www.sqlite.org/fts5.html
SKILL.md:377

Directory structure

3 files · 33.0 KB · 1150 lines
Markdown 2f · 607L JavaScript 1f · 543L
├─ 📁 scripts
│ └─ 📜 learning-loop.js JavaScript 543L · 16.2 KB
├─ 📝 README.md Markdown 222L · 5.4 KB
└─ 📝 SKILL.md Markdown 385L · 11.5 KB

Security highlights

✓ No shell execution (subprocess/exec/spawn)
✓ No network requests or external IP connections
✓ No credential harvesting (no ~/.ssh, ~/.aws, .env access)
✓ No base64 or obfuscated code execution
✓ No dynamic code evaluation (eval, Function, etc.)
✓ No data exfiltration patterns
✓ No hidden functionality in HTML comments or hidden files
✓ Filesystem operations aligned with documented purpose (skill/memory persistence)