Scan report
5/100
elite-longterm-memory
Ultimate AI agent memory system combining WAL protocol, vector search, git-notes, and optional cloud backup
A straightforward AI agent memory management utility with no malicious indicators. All operations (file creation, optional network sync) are documented and benign.
Safe to install
Approve for use. No security concerns identified.
Security findings: 2
| Severity | Finding | Location |
|---|---|---|
| Low | SKILL.md declares 'Read' but skill performs file writes (documentation deception) | SKILL.md:1 |
| Low | Shell command uses bare tilde without quotes in documentation (sensitive access) | SKILL.md:293 |

| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| File system | READ | WRITE | ✓ Consistent | SKILL.md metadata declares 'Read' but the skill creates SESSION-STATE.md, MEMORY… |
| Network access | NONE | NONE | — | SuperMemory/Mem0 cloud sync is described as OPTIONAL and requires explicit user … |
| Command execution | NONE | NONE | — | No subprocess or shell execution in bin/elite-memory.js; rm -rf in SKILL.md is d… |
| Environment variables | NONE | NONE | — | Script only reads HOME env var for path construction; no iteration over env vars… |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser automation |
| Database | NONE | NONE | — | LanceDB is an optional plugin described in docs; no active database operations i… |
| Skill invocation | NONE | NONE | — | No cross-skill invocation |
1 critical · 17 findings
| Severity | Category | Value | Location |
|---|---|---|---|
| Critical | Dangerous command (dangerous shell command) | rm -rf ~ | SKILL.md:293 |
| Medium | External URL | https://img.shields.io/npm/v/elite-longterm-memory.svg?style=flat-square | README.md:5 |
| Medium | External URL | https://www.npmjs.com/package/elite-longterm-memory | README.md:5 |
| Medium | External URL | https://img.shields.io/npm/dm/elite-longterm-memory.svg?style=flat-square | README.md:6 |
| Medium | External URL | https://img.shields.io/badge/License-MIT-yellow.svg?style=flat-square | README.md:7 |
| Medium | External URL | https://opensource.org/licenses/MIT | README.md:7 |
| Medium | External URL | https://img.shields.io/badge/Claude-AI-orange?style=for-the-badge&logo=anthropic | README.md:14 |
| Medium | External URL | https://img.shields.io/badge/GPT-OpenAI-412991?style=for-the-badge&logo=openai | README.md:15 |
| Medium | External URL | https://img.shields.io/badge/Cursor-IDE-000000?style=for-the-badge | README.md:16 |
| Medium | External URL | https://img.shields.io/badge/LangChain-Framework-1C3C3C?style=for-the-badge | README.md:17 |
| Medium | External URL | https://clawdhub.com/skills/elite-longterm-memory | README.md:157 |
| Medium | External URL | https://x.com/NextXFrontier | README.md:162 |
| Medium | External URL | https://clawdhub.com/skills/bulletproof-memory | SKILL.md:401 |
| Medium | External URL | https://clawdhub.com/skills/lancedb-memory | SKILL.md:402 |
| Medium | External URL | https://clawdhub.com/skills/git-notes-memory | SKILL.md:403 |
| Medium | External URL | https://clawdhub.com/skills/memory-hygiene | SKILL.md:404 |
| Medium | External URL | https://clawdhub.com/skills/supermemory | SKILL.md:405 |

Directory structure
5 files · 24.0 KB · 820 lines
Markdown: 2 files · 571 lines
JavaScript: 1 file · 187 lines
JSON: 2 files · 62 lines
├─ bin
│  └─ elite-memory.js (JavaScript)
├─ _meta.json (JSON)
├─ package.json (JSON)
├─ README.md (Markdown)
└─ SKILL.md (Markdown)
Dependency analysis: 1 item
| Package | Version | Source | Known vulnerabilities | Notes |
|---|---|---|---|---|
| mem0ai | ^1.0.0 | npm (optionalDependencies) | No | Optional dependency, not installed by default, requires user-supplied API key |
Security highlights
✓ No credential harvesting — skill does not read ~/.ssh, ~/.aws, .env, or iterate over process.env for secrets
✓ No network exfiltration — no outbound connections, no HTTP requests to external IPs
✓ No obfuscation — all code is plain JavaScript/Node.js, no base64, no eval()
✓ No supply chain risk — only optionalDependencies (mem0ai) is pinned to ^1.0.0, and it is optional and user-installed
✓ No persistence mechanisms — no cron jobs, no startup hooks, no backdoors
✓ No prompt injection — no hidden instructions in comments or strings
✓ No remote code execution — bin/elite-memory.js uses only fs/path built-ins
✓ File operations are scoped to the current working directory and explicitly documented paths under $HOME/.clawdbot
✓ Cloud sync features (SuperMemory, Mem0) are clearly optional and require explicit user API key setup