High Risk — Risk Score 65/100
Last scan: 1 day ago
huo15-memory-evolution
Huo15 Memory Evolution Skill - memory system rework based on a four-category classification scheme
Critical: hardcoded API key exposed in source code at scripts/dream.sh:79 enables unauthorized API usage if repository is accessed.
Skill Name: huo15-memory-evolution
Duration: 45.7s
Engine: pi
Do not install this skill
IMMEDIATE: Remove the hardcoded API key from scripts/dream.sh and use environment variable instead. Rotate the exposed API key immediately.

Attack Chain 3 steps

Escalation: Attacker gains read access to repository (public repo, insider threat, or leaked credentials). Location: N/A
Escalation: Attacker extracts hardcoded API key from scripts/dream.sh:79. Location: scripts/dream.sh:79
Impact: Attacker uses extracted API key to make unauthorized calls to MiniMax API at api.minimaxi.com, incurring costs to the victim's account. Location: N/A

Findings 3 items

Severity Finding Location
Critical: Hardcoded API Key in Source Code (Credential Theft)
A MiniMax API key is hardcoded in plain text at scripts/dream.sh:79. This key is visible to anyone with repository access and could be extracted and misused if the repo is public, shared, or leaked.
API_KEY="sk-cp-pD1WY6KcHeUNXDeKmG4ZnzDch-sXsZKmAsNn7rXZDoAbGwc7u6XJn55Z6GbgW3qngTC-i5geM4PzDwkaSj8sQUSk2TPPj-lrLc-Yamjn-S2j4mfOT8RGKUY"
→ Replace with environment variable: API_KEY="${MINIMAX_API_KEY}" and require user to set it. Rotate the exposed key immediately.
scripts/dream.sh:79
High: Undeclared Network Access (Doc Mismatch)
The SKILL.md makes no mention of network access. The dream.sh script makes HTTP POST requests to api.minimaxi.com, transmitting the API key as Bearer authentication.
curl -s -X POST "$API_URL" -H "Authorization: Bearer $API_KEY"
→ Declare network:WRITE capability in SKILL.md and explain the LLM integration purpose.
scripts/dream.sh:89
Medium: Undeclared Filesystem Write to ~/.openclaw/ (Sensitive Access)
Multiple scripts (install.sh, migrate.sh, batch-install.sh) write to $HOME/.openclaw/workspace and related directories without explicit declaration in SKILL.md.
mkdir -p "$WORKSPACE_DIR/memory"
→ Add filesystem:WRITE to declared capabilities in SKILL.md with explanation of target paths.
scripts/install.sh:53
Resource | Declared | Inferred | Status | Evidence
Filesystem | NONE | WRITE | ✓ Aligned | install.sh, migrate.sh, batch-install.sh write to ~/.openclaw/ without explicit …
Network | NONE | WRITE | ✗ Violation | dream.sh:89 - curl POST to api.minimaxi.com with API key
Environment | NONE | READ | ✓ Aligned | OC_AGENT_ID environment variable read for routing - legitimate behavior document…
1 High 5 findings
High: API Key (suspected hardcoded credential)
API_KEY="sk-cp-pD1WY6KcHeUNXDeKmG4ZnzDch-sXsZKmAsNn7rXZDoAbGwc7u6XJn55Z6GbgW3qngTC-i5geM4PzDwkaSj8sQUSk2TPPj-lrLc-Yamjn-...
scripts/dream.sh:79
Medium: External URL
https://api.minimaxi.com/v1/text/chatcompletion_v2
scripts/dream.sh:80
Info: Email address
[email protected]
scripts/MIGRATION-REPORT-2026-04-04.md:35
Info: Email address
[email protected]
scripts/MIGRATION-REPORT-2026-04-04.md:38
Info: Email address
[email protected]
scripts/MIGRATION-REPORT-2026-04-04.md:39

File Tree

16 files · 55.6 KB · 2108 lines
Shell 8f · 1468L Markdown 4f · 436L JSON 2f · 113L JavaScript 1f · 65L Text 1f · 26L
├─ 📁 config
│ ├─ 📜 agent-routing.js JavaScript 65L · 2.3 KB
│ └─ 📋 memory-types.json JSON 108L · 3.3 KB
├─ 📁 scripts
│ ├─ 📁 snapshots
│ │ └─ 📄 snapshot-info-2026-04-04-234219.txt Text 26L · 1.2 KB
│ ├─ 🔧 batch-install.sh Shell 160L · 4.3 KB
│ ├─ 🔧 check-drift.sh Shell 121L · 3.4 KB
│ ├─ 🔧 dream.sh Shell 242L · 7.0 KB
│ ├─ 📝 INSTALL-REPORT-2026-04-04.md Markdown 41L · 998 B
│ ├─ 🔧 install.sh Shell 283L · 7.2 KB
│ ├─ 🔧 migrate.sh Shell 327L · 7.7 KB
│ ├─ 📝 MIGRATION-REPORT-2026-04-04.md Markdown 49L · 911 B
│ ├─ 🔧 rollback.sh Shell 84L · 2.2 KB
│ ├─ 🔧 snapshot.sh Shell 87L · 2.4 KB
│ └─ 🔧 verify.sh Shell 164L · 4.3 KB
├─ 📁 templates
│ └─ 📝 memory-file.md Markdown 27L · 298 B
├─ 📋 _meta.json JSON 5L · 141 B
└─ 📝 SKILL.md Markdown 319L · 8.0 KB

Security Positives

✓ Sensitive information isolation logic is well-designed (migrate.sh lines 118-146) - attempts to prevent cross-agent credential leakage
✓ Snapshot/rollback mechanism provides safe recovery path
✓ No evidence of reverse shell, C2, or covert data exfiltration channels
✓ Cron job configuration is documented and optional