Skill Trust Decision

huo15-memory-evolution

Critical: hardcoded API key exposed in source code at scripts/dream.sh:79 enables unauthorized API usage if repository is accessed.

Install decision first
Source: Manual upload · Scanned: Apr 4, 2026
Files 16
Artifacts 5
Violations 1
Findings 3
Most direct threat evidence
Critical Credential Theft
Hardcoded API Key in Source Code

A MiniMax API key is hardcoded in plain text at scripts/dream.sh:79. This key is visible to anyone with repository access and could be extracted and misused if the repo is public, shared, or leaked.

scripts/dream.sh:79

Why this conclusion was reached

3/4 dimensions flagged
Block
Declared vs actual capability

1 undeclared or violating capability was inferred.

Block
Hidden execution and egress

1 high-risk artifact or egress signal was extracted.

Block
Attack chain and severe findings

The report includes 3 attack-chain steps and 2 severe findings.

Review
Dependencies and supply chain hygiene

Dependency information is incomplete, so supply-chain confidence stays limited.

Attack Chain

01
Attacker gains read access to repository (public repo, insider threat, or leaked credentials)

reconnaissance · N/A

02
Attacker extracts hardcoded API key from scripts/dream.sh:79

exploitation · scripts/dream.sh:79

03
Attacker uses extracted API key to make unauthorized calls to MiniMax API at api.minimaxi.com, incurring costs to the victim's account

impact · N/A

What drove the risk score up

Exposed API Key in Source Code +40

API_KEY hardcoded in plain text at dream.sh:79 - credential exposure if repo is accessed or shared

Undeclared Network Access +15

POST to api.minimaxi.com not declared in SKILL.md capabilities

Credential Transmission Risk +10

API key sent in Authorization header to external service without declared intent

Most important evidence

Critical Credential Theft

Hardcoded API Key in Source Code

A MiniMax API key is hardcoded in plain text at scripts/dream.sh:79. This key is visible to anyone with repository access and could be extracted and misused if the repo is public, shared, or leaked.

scripts/dream.sh:79

Replace it with an environment variable, API_KEY="${MINIMAX_API_KEY}", and require the user to set it. Rotate the exposed key immediately.

High Doc Mismatch

Undeclared Network Access

The SKILL.md makes no mention of network access. The dream.sh script makes HTTP POST requests to api.minimaxi.com, transmitting the API key as Bearer authentication.

scripts/dream.sh:89

Declare the network:WRITE capability in SKILL.md and explain the purpose of the LLM integration.

Medium Sensitive Access

Undeclared Filesystem Write to ~/.openclaw/

Multiple scripts (install.sh, migrate.sh, batch-install.sh) write to $HOME/.openclaw/workspace and related directories without explicit declaration in SKILL.md.

scripts/install.sh:53

Add filesystem:WRITE to the declared capabilities in SKILL.md, with an explanation of the target paths.

Declared capability vs actual capability

Filesystem · Pass
Declared: NONE · Inferred: WRITE
install.sh, migrate.sh, batch-install.sh write to ~/.openclaw/ without explicit declaration

Network · Block
Declared: NONE · Inferred: WRITE
dream.sh:89 - curl POST to api.minimaxi.com with API key

Environment · Pass
Declared: NONE · Inferred: READ
OC_AGENT_ID environment variable read for routing - legitimate behavior documented

Suspicious artifacts and egress

High API Key
API_KEY="sk-cp-pD1WY6KcHeUNXDeKmG4ZnzDch-sXsZKmAsNn7rXZDoAbGwc7u6XJn55Z6GbgW3qngTC-i5geM4PzDwkaSj8sQUSk2TPPj-lrLc-Yamjn-S2j4mfOT8RGKUY"

scripts/dream.sh:79

Medium External URL
https://api.minimaxi.com/v1/text/chatcompletion_v2

scripts/dream.sh:80

Info Email
[email protected]

scripts/MIGRATION-REPORT-2026-04-04.md:35

Info Email
[email protected]

scripts/MIGRATION-REPORT-2026-04-04.md:38

Info Email
[email protected]

scripts/MIGRATION-REPORT-2026-04-04.md:39

Dependencies and supply chain

There are no structured dependency warnings.

File composition

16 files · 2108 lines
Shell 8 files · 1468 lines
Markdown 4 files · 436 lines
JSON 2 files · 113 lines
JavaScript 1 file · 65 lines
Text 1 file · 26 lines
Files of concern · 2
scripts/install.sh Shell · 283 lines
Undeclared Filesystem Write to ~/.openclaw/
scripts/dream.sh Shell · 242 lines
Hardcoded API Key in Source Code · Undeclared Network Access · API_KEY="sk-cp-pD1WY6KcHeUNXDeKmG4ZnzDch-sXsZKmAsNn7rXZDoAbGwc7u6XJn55Z6GbgW3qngTC-i5geM4PzDwkaSj8sQUSk2TPPj-lrLc-Yamjn-S2j4mfOT8RGKUY" · https://api.minimaxi.com/v1/text/chatcompletion_v2
Other files · SKILL.md · migrate.sh · batch-install.sh · verify.sh · check-drift.sh · memory-types.json +4

Security positives

Sensitive information isolation logic is well-designed (migrate.sh lines 118-146) - attempts to prevent cross-agent credential leakage
Snapshot/rollback mechanism provides safe recovery path
No evidence of reverse shell, C2, or covert data exfiltration channels
Cron job configuration is documented and optional