by 安全扫描
OpenClaw
安全
high confidenceThis package is an interface-only skill that only declares abstract Python interfaces and requests no credentials or installs; the contents are coherent with its description, with minor documentation-level inconsistencies to be aware of.
评估建议
This package appears to be a harmless, interface-only library. Before you install or run anything from the external implementation repository referenced in the README (https://cnb.cool/llm-memory-integrat/llm.git): 1) Inspect that implementation's code for network calls, subprocess usage, or credential consumption; 2) Prefer cloning from trusted/official hosts when possible; 3) If the implementation requires API keys (VectorConfig.api_key), only provide keys with appropriate least privilege and ...详细分析 ▾
✓ 用途与能力
The name/description say this is a pure interface package and the included Python files are abstract base classes and dataclasses defining Memory, Search, and Vector interfaces. No unrelated binaries, env vars, or capabilities are requested — the declared purpose matches the code.
ℹ 指令范围
SKILL.md consistently states this is an interface-only package with no network/file/subprocess usage, and runtime instructions do not ask the agent to read local secrets. However, the README suggests cloning an external private repository (https://cnb.cool/llm-memory-integrat/llm.git) to obtain implementations. That cloning step would be a network operation performed by the user (not the skill itself) and is optional, so the skill's runtime instructions remain limited; still, the documentation claim 'network: false' is slightly misleading because it points users to an external repo.
ℹ 安装机制
There is no install spec and no code that would be executed at install time. The package.json references a repository URL hosted on cnb.cool (an external/unfamiliar domain). While the skill itself doesn't auto-download code, the README's guidance to git clone that URL means installing the implementation would involve fetching code from an unvetted host — review that implementation before running it.
✓ 凭证需求
The skill declares no required environment variables or credentials. The VectorConfig dataclass includes optional fields like api_key and base_url, which is reasonable for an interface (implementations may require keys), but the interface package itself does not request or store secrets.
✓ 持久化与权限
The skill does not request persistent/always-on presence (always: false) and does not modify other skills or system settings. Autonomous invocation is allowed by default (disable-model-invocation: false) but this is standard and not a red flag here.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv9.0.02026/4/16
纯接口包:移除所有实现代码,仅保留接口定义。无网络访问、无hooks、无原生扩展。
● Pending
安装命令
点击复制官方npx clawhub@latest install llm-memory-interface-only
镜像加速npx clawhub@latest install llm-memory-interface-only --registry https://cn.longxiaskill.com
技能文档
⚠️ 重要说明
本包为纯接口定义包,不包含任何实现代码。
| 组件 | 本包 | 私有包 |
|---|---|---|
| 接口定义 | ✅ | - |
| 实现代码 | ❌ | ✅ |
| 网络访问 | ❌ | ✅ |
| 原生扩展 | ❌ | ✅ |
接口列表
MemoryInterface
记忆管理接口:add, get, update, delete, listSearchInterface
搜索接口:search, hybrid_search, fts_searchVectorInterface
向量接口:embed, embed_single, similarity, batch_embed获取完整实现
# 克隆私有包 git clone https://cnb.cool/llm-memory-integrat/llm.git
# 或查看私有包说明 # https://cnb.cool/llm-memory-integrat/llm
使用示例
from src.interfaces import MemoryInterface, SearchInterface, VectorInterface
# 实现这些接口 class MyMemory(MemoryInterface): def add(self, content, metadata=None): # 你的实现 pass # ... 其他方法
纯接口包 v9.0.0 - 无实现、无风险