Low risk: risk score 22/100
Last scan: 1 day ago
memory-harness
Runtime-enforced memory harness for OpenClaw implementing 3-stage recall with intent classification, entity detection, and memory compression
This skill is a non-functional/broken memory harness implementation with documentation inconsistencies (mentions shell scripts that don't exist) but no malicious behavior detected.
Skill name: memory-harness
Analysis time: 43.0s
Engine: pi
Verdict: can be installed
The skill should be rebuilt with functional code. SKILL.md references .sh scripts that don't exist in the codebase. The intent-classifier.js has severe syntax errors making it non-functional.

Security findings: 3

Finding 1
Severity: Low
Title: SKILL.md references non-existent shell scripts
Category: Documentation deception
Description: SKILL.md describes session-preflight.sh, targeted-recall.sh, pre-execution-gate.sh, and writeback.sh, but only JavaScript files exist in the scripts/ directory. The documentation is incomplete.
Evidence: ### session-preflight.sh ... ### targeted-recall.sh ... ### pre-execution-gate.sh ... ### writeback.sh
→ Update SKILL.md to reflect the actual JavaScript implementations, or create the missing shell scripts
Location: SKILL.md:1

Finding 2
Severity: Medium
Title: intent-classifier.js contains severe syntax errors
Category: Code execution
Description: The intent classifier has multiple syntax errors that make it non-functional: duplicate array entries, mismatched brackets, undefined function references (runTargetedRecall, compressItem), and incomplete function implementations.
Evidence: Multiple syntax errors including duplicate array entries, `/{ ... });` patterns, and undefined function calls
→ Rewrite intent-classifier.js with correct JavaScript syntax and complete function implementations
Location: scripts/intent-classifier.js:1

Finding 3
Severity: Low
Title: SKILL.md does not declare allowed-tools or capability permissions
Category: Documentation deception
Description: The skill documentation does not specify an allowed-tools mapping or resource capability levels, although the actual implementation uses minimal permissions (only Node.js script execution).
Evidence: No allowed-tools declaration found
→ Add an allowed-tools declaration (Read→filesystem:READ) for documentation consistency
Location: SKILL.md:1
Resource type          | Declared permission | Inferred permission | Status       | Evidence
Filesystem             | NONE                | READ                | ✓ consistent | Scripts read command-line arguments only
Command execution      | NONE                | NONE                |              | No shell commands executed - only Node.js script chaining via execFileSync
Network access         | NONE                | NONE                |              | No network requests observed
Environment variables  | NONE                | NONE                |              | No environment variable access

Directory structure

10 files · 24.0 KB · 1031 lines
JavaScript: 8 files · 579 lines; Markdown: 2 files · 452 lines
├─ 📁 scripts
│ ├─ 📜 entity-detector.js JavaScript 73L · 1.8 KB
│ ├─ 📜 harness.js JavaScript 75L · 1.9 KB
│ ├─ 📜 intent-classifier.js JavaScript 152L · 3.1 KB
│ ├─ 📜 memory-compress.js JavaScript 37L · 830 B
│ ├─ 📜 pre-execution-gate.js JavaScript 113L · 3.1 KB
│ ├─ 📜 should-recall.js JavaScript 57L · 1.3 KB
│ ├─ 📜 structured-log.js JavaScript 28L · 761 B
│ └─ 📜 targeted-recall.js JavaScript 44L · 1.0 KB
├─ 📝 readme.md Markdown 226L · 5.1 KB
└─ 📝 SKILL.md Markdown 226L · 5.1 KB

Security highlights

✓ No credential harvesting or API key theft observed
✓ No network exfiltration or C2 communication detected
✓ No remote script execution (curl|bash, wget|sh) found
✓ No base64-encoded obfuscation or eval() with encoded payloads
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ No malicious dependencies detected
✓ No reverse shell or remote code execution capabilities
✓ Memory operations are read-only and non-destructive
✓ Scripts have hard-capped output limits (max 5 items, 160 char truncation)