cxm-neural-memory 安全扫描报告 — 低风险 | ClawSafe

25 /100

cxm-neural-memory

Localized Neural Memory and architectural mapping tool for semantic code search and dependency analysis

CXM Neural Memory is a legitimate code indexing and semantic search tool with solid security practices, but has incomplete disclosure in SKILL.md regarding shell history and AI CLI session data access.

技能名称cxm-neural-memory

分析耗时68.4s

引擎pi

✓

可以安装

Update SKILL.md to explicitly declare reading of .bash_history and AI CLI session directories (Claude Code/Gemini) as part of the context gathering feature.

安全发现 3 项

严重性	安全发现	位置
中危	Undeclared shell history access The context_gatherer.py reads .bash_history from the user's home directory to gather shell context. This is not mentioned in SKILL.md security disclosure. `history_file = Path.home() / ".bash_history"` → Add shell history access to SKILL.md security disclosure section	`src/tools/context_gatherer.py:85`
中危	Undeclared AI CLI session access The tool reads session data from Claude Code (~/.claude) and Gemini CLI (~/.gemini) directories. This is documented in cli-reference.md but not in the main SKILL.md. `def gather_gemini_cli_context()` → Add AI CLI session reading to SKILL.md security disclosure or consolidate documentation	`src/tools/context_gatherer.py:139`
低危	Pre-scan false positive: Hardcoded IPs The pre-scan flagged NVIDIA CUDA package versions (e.g., nvidia-cublas-cu12==12.8.4.1) as hardcoded IP addresses. These are legitimate version numbers, not network IPs. `nvidia-cublas-cu12==12.8.4.1` → No action needed - false positive from pattern matching	`requirements.txt:107`

资源类型	声明权限	推断权限	状态	证据
文件系统	`READ`	`READ`	✓ 一致	File indexing declared in SKILL.md
网络访问	`READ`	`READ`	✓ 一致	HuggingFace model download declared
命令执行	`NONE`	`READ`	✓ 一致	Reads .bash_history without declaration
环境变量	`NONE`	`READ`	✓ 一致	Reads Claude/Gemini CLI session files

7 高危 11 项发现

📡

高危 IP 地址硬编码 IP 地址

5.2.18.0

requirements.txt:91

📡

高危 IP 地址硬编码 IP 地址

12.8.4.1

requirements.txt:107

📡

高危 IP 地址硬编码 IP 地址

9.10.2.21

requirements.txt:111

📡

高危 IP 地址硬编码 IP 地址

11.3.3.83

requirements.txt:112

📡

高危 IP 地址硬编码 IP 地址

1.13.1.3

requirements.txt:113

📡

高危 IP 地址硬编码 IP 地址

11.7.3.90

requirements.txt:115

📡

高危 IP 地址硬编码 IP 地址

12.5.8.93

requirements.txt:116

🔗

中危外部 URL 外部 URL

https://www.python.org/downloads/

docs/install.md:45

🔗

中危外部 URL 外部 URL

https://git-scm.com/

docs/install.md:46

🔗

中危外部 URL 外部 URL

https://visualstudio.microsoft.com/visual-cpp-build-tools/

docs/install.md:50

📧

提示邮箱邮箱地址

[email protected]

requirements.txt:25

目录结构

48 文件 · 200.3 KB · 5548 行

Python 31f · 4425L Markdown 7f · 561L Text 2f · 248L YAML 3f · 173L JSON 4f · 103L TOML 1f · 38L

├─ ▾ 📁 docs

│ ├─ ▾ 📁 cxm-neural-memory

│ │ └─ 📝 SKILL.md Markdown 63L · 2.7 KB

│ ├─ 📋 agent_skill.json JSON 85L · 3.2 KB

│ ├─ 📝 agent_skill.md Markdown 55L · 2.4 KB

│ ├─ 📝 cli-reference.md Markdown 110L · 3.7 KB

│ ├─ 📝 install.md Markdown 90L · 2.6 KB

│ ├─ 📝 README_SKILL.md Markdown 112L · 3.5 KB

│ └─ 📝 visions.md Markdown 68L · 4.4 KB

├─ ▾ 📁 src

│ ├─ ▾ 📁 core

│ │ ├─ 🐍 __init__.py Python 1L · 39 B

│ │ ├─ 🐍 architect.py Python 53L · 2.2 KB

│ │ ├─ 🐍 audit.py Python 43L · 1.9 KB

│ │ ├─ 🐍 context_store.py Python 32L · 1.1 KB

│ │ ├─ 🐍 diagnostics.py Python 35L · 1.3 KB

│ │ ├─ 🐍 enhancer.py Python 263L · 8.3 KB

│ │ ├─ 🐍 factory.py Python 128L · 5.3 KB

│ │ ├─ 🐍 grapher.py Python 94L · 3.2 KB

│ │ ├─ 🐍 interfaces.py Python 37L · 1.2 KB

│ │ ├─ 🐍 patcher.py Python 106L · 4.3 KB

│ │ ├─ 🐍 pattern_optimizer.py Python 20L · 837 B

│ │ ├─ 🐍 rag.py Python 532L · 20.4 KB

│ │ ├─ 🐍 reranker.py Python 147L · 4.9 KB

│ │ ├─ 🐍 retriever.py Python 193L · 5.7 KB

│ │ └─ 🐍 watcher.py Python 84L · 3.0 KB

│ ├─ ▾ 📁 engines

│ │ ├─ 📋 claude-opus.json JSON 6L · 248 B

│ │ ├─ 📋 gemini-pro.json JSON 6L · 258 B

│ │ └─ 📋 gpt-alpha.json JSON 6L · 246 B

│ ├─ ▾ 📁 locales

│ │ ├─ 📋 de.yaml YAML 83L · 3.1 KB

│ │ └─ 📋 en.yaml YAML 83L · 3.0 KB

│ ├─ ▾ 📁 ml

│ │ ├─ 🐍 __init__.py Python 1L · 39 B

│ │ ├─ 🐍 context_evaluator.py Python 126L · 5.1 KB

│ │ ├─ 🐍 intent_analyzer.py Python 183L · 7.3 KB

│ │ ├─ 🐍 prompt_assembler.py Python 295L · 10.2 KB

│ │ └─ 🐍 prompt_refiner.py Python 378L · 12.2 KB

│ ├─ ▾ 📁 resources

│ │ ├─ ▾ 📁 diagnostic-templates

│ │ │ └─ 📄 probe-gemini.txt Text 1L · 225 B

│ │ └─ ▾ 📁 patterns

│ │ └─ 📋 math-precision.yaml YAML 7L · 348 B

│ ├─ ▾ 📁 tools

│ │ ├─ 🐍 context_gatherer.py Python 273L · 8.9 KB

│ │ └─ 🐍 github_cloner.py Python 60L · 2.5 KB

│ ├─ ▾ 📁 utils

│ │ ├─ 🐍 i18n.py Python 41L · 1.2 KB

│ │ ├─ 🐍 logger.py Python 36L · 1.2 KB

│ │ └─ 🐍 paths.py Python 77L · 2.8 KB

│ ├─ 🐍 cli.py Python 405L · 16.3 KB

│ ├─ 🐍 config.py Python 97L · 3.2 KB

│ ├─ 🐍 dashboard.py Python 320L · 13.8 KB

│ ├─ 🐍 gui.py Python 111L · 3.8 KB

│ ├─ 🐍 main.py Python 157L · 5.4 KB

│ └─ 🐍 skill_exporter.py Python 97L · 4.3 KB

├─ 📄 pyproject.toml TOML 38L · 799 B

├─ 📄 requirements.txt Text 247L · 5.1 KB

└─ 📝 SKILL.md Markdown 63L · 2.7 KB

依赖分析 4 项

包名	版本	来源	已知漏洞	备注
`sentence-transformers`	`5.2.3`	pip	否	ML embeddings library
`faiss-cpu`	`1.13.2`	pip	否	Vector search index
`torch`	`2.10.0`	pip	否	ML framework
`GitPython`	`3.1.46`	pip	否	Git operations

安全亮点

✓ Secret masking implemented in RAG engine (SECRET_PATTERNS for API keys, AWS credentials, GitHub tokens)

✓ Path traversal protection in github_cloner.py with proper validation

✓ Subprocess calls use list arguments instead of shell=True for security

✓ File size limits (10MB) prevent indexing of large files/models

✓ Sensitive config keys (api_key, github_token, secret) filtered from disk persistence

✓ Skip lists exclude .git, __pycache__, node_modules, and other sensitive directories

✓ No external data exfiltration detected - all data stays local in ~/.cxm/