Low Risk — Risk Score 22/100
Last scan: 1 day ago
memory-harness
Runtime-enforced memory harness for OpenClaw implementing 3-stage recall with intent classification, entity detection, and memory compression
This skill is a non-functional/broken memory harness implementation with documentation inconsistencies (mentions shell scripts that don't exist) but no malicious behavior detected.
Skill Name: memory-harness
Duration: 43.0s
Engine: pi
Safe to install
The skill should be rebuilt with functional code. SKILL.md references .sh scripts that don't exist in the codebase. The intent-classifier.js has severe syntax errors making it non-functional.

Findings 3 items

Severity: Low
Finding: SKILL.md references non-existent shell scripts (Doc Mismatch)
Location: SKILL.md:1
SKILL.md describes session-preflight.sh, targeted-recall.sh, pre-execution-gate.sh, and writeback.sh but only JavaScript files exist in scripts/ directory. The documentation is incomplete.
### session-preflight.sh ... ### targeted-recall.sh ... ### pre-execution-gate.sh ... ### writeback.sh
→ Update SKILL.md to reflect actual JavaScript implementations or create the missing shell scripts

Severity: Medium
Finding: intent-classifier.js contains severe syntax errors (RCE)
Location: scripts/intent-classifier.js:1
The intent classifier has multiple syntax errors making it non-functional: duplicate array entries, mismatched brackets, undefined function references (runTargetedRecall, compressItem), and incomplete function implementations.
Multiple syntax errors including: duplicate array entries, `/{ ... });` patterns, undefined function calls
→ Rewrite intent-classifier.js with correct JavaScript syntax and complete function implementations

Severity: Low
Finding: SKILL.md does not declare allowed-tools or capability permissions (Doc Mismatch)
Location: SKILL.md:1
The skill documentation does not specify allowed-tools mapping or resource capability levels, though the actual implementation uses minimal permissions (only Node.js script execution).
No allowed-tools declaration found
→ Add allowed-tools declaration: Read→filesystem:READ for documentation consistency

Resource | Declared | Inferred | Status | Evidence
Filesystem | NONE | READ | ✓ Aligned | Scripts read command-line arguments only
Shell | NONE | NONE | | No shell commands executed - only Node.js script chaining via execFileSync
Network | NONE | NONE | | No network requests observed
Environment | NONE | NONE | | No environment variable access

File Tree

10 files · 24.0 KB · 1031 lines
JavaScript 8f · 579L Markdown 2f · 452L
├─ 📁 scripts
│ ├─ 📜 entity-detector.js JavaScript 73L · 1.8 KB
│ ├─ 📜 harness.js JavaScript 75L · 1.9 KB
│ ├─ 📜 intent-classifier.js JavaScript 152L · 3.1 KB
│ ├─ 📜 memory-compress.js JavaScript 37L · 830 B
│ ├─ 📜 pre-execution-gate.js JavaScript 113L · 3.1 KB
│ ├─ 📜 should-recall.js JavaScript 57L · 1.3 KB
│ ├─ 📜 structured-log.js JavaScript 28L · 761 B
│ └─ 📜 targeted-recall.js JavaScript 44L · 1.0 KB
├─ 📝 readme.md Markdown 226L · 5.1 KB
└─ 📝 SKILL.md Markdown 226L · 5.1 KB

Security Positives

✓ No credential harvesting or API key theft observed
✓ No network exfiltration or C2 communication detected
✓ No remote script execution (curl|bash, wget|sh) found
✓ No base64-encoded obfuscation or eval() with encoded payloads
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ No malicious dependencies detected
✓ No reverse shell or remote code execution capabilities
✓ Memory operations are read-only and non-destructive
✓ Scripts have hard-capped output limits (max 5 items, 160 char truncation)