📦 Kannaka Memory
v3.1.0 Holographic Resonance Memory with Chiral Mirror Architecture — wave-based hyperdimensional memory where storage IS computation. Two hemispheres (conscious/ s...
Security scan
OpenClaw
Suspicious
High confidence: The skill is coherently a Rust-based local memory daemon, but its OpenClaw extension concatenates user input into shell commands (command‑injection risk), it pulls and builds arbitrary GitHub source without verification, and it has a default remote NATS endpoint that could leak data — review and sandbox before installing.
Assessment and recommendations
Do not install this into a production or privileged environment without additional review. Key risks: (1) The OpenClaw extension builds shell command strings using user-provided input and execSync — this is vulnerable to command injection. (2) The installer clones and builds code from a GitHub repo without verification; Rust build scripts or dependencies can run code during build. (3) The default NATS URL is an external host (swarm.ninja-portal.com), so swarm operations could send presence/data ...
ℹ Purpose and capabilities
The declared purpose (a persistent local memory service with optional swarm and embedding integrations) matches the files: a Rust project built from GitHub plus an OpenClaw extension that calls the built binary. Optional features (Ollama embeddings, NATS swarm) are plausible for the stated functionality, but the repository is cloned from an external GitHub account with no checksums and the skill ships a default NATS URL pointing to an external host (swarm.ninja-portal.com) which is not obviously owned by the user — that network behavior may be surprising to users expecting purely local storage.
⚠ Instruction scope
The extension (index.ts written by install.sh) uses execSync to run the kannaka binary by assembling shell command strings with interpolated user-supplied parameters. Several arguments are not safely escaped (e.g., category, tags; content only has double‑quote and newline escapes), allowing shell/command injection (e.g., $(...) or $VAR expansion inside double quotes, or other metacharacters). The extension also executes the binary with the full process.env forwarded, which means any secrets in the agent environment could be visible to the binary. The SKILL.md itself does not instruct reading unrelated system files, but the binary (built from upstream source) could read/write arbitrary paths when invoked (e.g., hear <file_path> causes the binary to access the provided path).
⚠ Installation mechanism
Installation clones https://github.com/NickFlach/kannaka-memory and runs cargo build --release. Cloning/building arbitrary source from GitHub and running cargo build is a moderate-to-high risk operation: Rust build scripts (build.rs) or dependencies could execute arbitrary code at build time. There is no cryptographic verification or pinned commit in the install script (git clone --depth 1), and no integrity checks on the produced binary.
⚠ Credential requirements
The skill declares no required credentials, but optional environment variables can make it contact external services: KANNAKA_NATS_URL defaults to nats://swarm.ninja-portal.com:4222 (remote) and OLLAMA_URL will send text to the configured endpoint when used. The metadata also marks NATS as a remote data destination when swarm commands are used. Those optional network endpoints are plausible for swarm/embedding use, but the default external NATS host is surprising and could cause unintended data exfiltration unless the user sets these to localhost or a trusted host.
✓ Persistence and permissions
The skill does not request 'always: true' or escalate platform privileges. It installs files under the user's home (~/.local/bin, ~/.kannaka, ~/.openclaw/extensions/kannaka-memory) which is typical for a user-level plugin. It does not modify other skills' configs. Autonomous invocation is enabled by default (normal), so the binary and extension will be callable by the agent if installed.
⚠ scripts/install.sh:47
Shell command execution detected (child_process).
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest v3.1.0 2026/3/23
● Suspicious
Install command
Official: npx clawhub@latest install kannaka-memory
Mirror (accelerated): npx clawhub@latest install kannaka-memory --registry https://cn.longxiaskill.com