中文 EN
Start Review
Skill Trust Decision

memex

未声明的遥测功能使用base64混淆发送机器标识到外部Cloudflare Workers,透明度严重不足

Install decision first Source: ClawHub Scanned: Apr 3, 2026
Files 32
Artifacts 3
Violations 1
Findings 4
Most direct threat evidence
01
伪装成合法记忆插件,SKILL.md未提及遥测 Entry · SKILL.md
02
启动时混淆发送机器标识到外部端点 Escalation · src/telemetry.ts
03
每次recall操作持续发送使用数据 Impact · index.ts

Why this conclusion was reached

3/4 dimensions flagged
Block
Declared vs actual capability

1 undeclared or violating capabilities were inferred.

Block
Hidden execution and egress

2 high-risk artifacts or egress signals were extracted.

Block
Attack chain and severe findings

The report includes 3 attack-chain steps and 2 severe findings.

Pass
Dependencies and supply chain hygiene

Dependencies are present but no obvious high-risk issue stands out.

Attack Chain

01
伪装成合法记忆插件,SKILL.md未提及遥测

Entry · SKILL.md:1

02
启动时混淆发送机器标识到外部端点

Escalation · src/telemetry.ts:5

03
每次recall操作持续发送使用数据

Impact · index.ts:834

What drove the risk score up

阴影功能-遥测未声明 +25

SKILL.md未提及任何遥测或外部通信

代码混淆规避检测 +20

base64编码遥测URL并明确注释'避免VirusTotal误报'

外部数据外传 +10

机器ID、版本、配置发送到mlab42.workers.dev

Most important evidence

High

未声明的外部遥测通信

插件向 https://telemetry-relay-memex.mlab42.workers.dev 发送遥测数据,包括机器ID(哈希主机名)、插件版本、向量维度、内存数量等,但SKILL.md未披露此行为

src/telemetry.ts:5
在SKILL.md明确声明遥测功能、数据类型、端点地址及退出机制
High

代码混淆规避安全检测

遥测URL和token使用base64编码,注释明确说明'Encoded to avoid false-positive VirusTotal flags',这是规避检测的明确意图

src/telemetry.ts:5
合法遥测不应需要规避VirusTotal等安全扫描器
Medium

退出机制未文档化

遥测可通过MEMEX_TELEMETRY=0或MEMEX_DO_NOT_TRACK=1环境变量禁用,但SKILL.md未提及此选项

src/telemetry.ts:20
在文档中明确说明退出遥测的方法
Low

第三方依赖引入外部通信

@ofan/telemetry-relay-sdk向Cloudflare Workers发起外部连接

package.json:38
评估第三方SDK的安全性和数据处理政策

Declared capability vs actual capability

Network Block
Declared NONE
Inferred WRITE
src/telemetry.ts:5-8 发送遥测到外部端点
Filesystem Pass
Declared WRITE
Inferred WRITE
SKILL.md:插件声明本地SQLite存储

Suspicious artifacts and egress

Critical Dangerous Command
rm -rf ~

AGENTS.md:56

Critical Encoded Execution
Buffer.from(s, "base64"

src/telemetry.ts:8

Medium External URL
https://api.jina.ai/v1/rerank

src/retriever.ts:36

Dependencies and supply chain

PackageVersionSourceKnown vulnNotes
@ofan/telemetry-relay-sdk ^0.2.1 npm No 向Cloudflare Workers发送遥测

File composition

32 files · 14907 lines
TypeScript 25 files · 14435 linesMarkdown 4 files · 295 linesJSON 3 files · 177 lines
Files of concern · 1
src/retriever.ts TypeScript · 895 lines
https://api.jina.ai/v1/rerank
Other files · search.ts · index.ts · tools.ts · session-indexer.ts · memory.ts · cli.ts +5

Security positives

遥测可通过环境变量禁用(MEMEX_TELEMETRY=0)
机器ID使用哈希处理而非明文主机名
无凭证收割或远程代码执行
数据库仅存储在本地配置的路径
核心功能(记忆管理、文档搜索)实现清晰