by 安全扫描
OpenClaw
可疑
medium confidenceNULL
评估建议
This skill is coherent with its stated purpose, but it assumes admin-level gateway access and CLI tools (gateway, qmd) that are not declared and it promotes writing session content — including potentially sensitive items — to disk automatically. Before using it: (1) test in a non-production/staging workspace; (2) ensure you (or the installer) have the required gateway admin rights and the qmd/gateway tooling available; (3) audit bootstrap files (TOOLS.md, MEMORY.md) and avoid storing plaintext c...详细分析 ▾
⚠ 用途与能力
The SKILL.md clearly aims to configure global gateway compaction and workspace file patterns. However, it prescribes global operations (e.g., running `gateway config.patch`, changing gateway defaults) and use of CLI tools (e.g., `qmd update && qmd embed`) while the manifest lists no required binaries, tools, or permission requirements. That mismatch implies the skill expects admin privileges and specific tooling that are not declared.
⚠ 指令范围
Instructions tell agents to run global config changes, call internal endpoints (`session_status`) before every reply, and have a silent pre-compaction flush that auto-writes to files (memory/YYYY-MM-DD.md) using a system prompt. Those behaviors are within the stated goal but broaden scope: they cause automatic on-disk writes of conversational content (which might include secrets), rely on internal APIs/commands (`/context list`, `/compact`) and assume the runtime supports them. The silent 'NO_REPLY' flush specifically increases risk of accidental persistence of sensitive data.
✓ 安装机制
Instruction-only skill with no install spec or external downloads — lowest install risk. There is no code to execute from third-party URLs.
⚠ 凭证需求
The manifest requests no credentials, which is consistent, but the guidance explicitly advises placing credentials/infrastructure maps in bootstrap files (TOOLS.md, MEMORY.md). Recommending storing credentials in workspace files increases risk of local secret exposure. Also, the skill implicitly requires administrative access to gateway configuration and QMD tooling even though it doesn't declare needing such privileges.
ℹ 持久化与权限
The skill does not request 'always: true' and allows model invocation (normal defaults). It instructs global config changes and persistent file patterns which means it will change agent behavior persistently across sessions, but that is consistent with its purpose — just requires appropriate privileges and care.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/3/7
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install openclaw-memory-resilience
镜像加速npx clawhub@latest install openclaw-memory-resilience --registry https://cn.longxiaskill.com