Security scan
OpenClaw
Suspicious
medium confidence
Assessment recommendations
This skill implements a system-wide memory scanner that reads /proc for every process and writes snapshots and per-PID trend files under /var/log/memory-inspector; before installing, verify the following: (1) Privileges: to see other users' processes and to write /var/log you will likely have to run the script as root; decide whether you are comfortable granting that. (2) Sensitive data: the script stores truncated process command lines (cmdline), which can contain secrets; remove or sanitize cmdline captur...
ℹ Purpose and capabilities
Name and description match the instructions: the SKILL.md defines a scanner that reads /proc, records RSS/VmSize over time, and produces reports. However the skill does not declare that it needs elevated privileges or file-system write access (it writes under /var/log/memory-inspector and suggests installing a cron job), which is a practical requirement for full-system coverage and should have been stated.
⚠ Instruction scope
The instructions explicitly read /proc/<pid>/status and /proc/<pid>/cmdline for all PIDs, persist snapshots and per-PID trend files under /var/log, and recommend cron scheduling. Persisting cmdline and process metadata can capture sensitive command-line arguments (passwords, tokens). The SKILL.md does not mention sanitization, access controls, or retention/rotation policies. It also assumes the provided shell script will be created and executed, but there is no install step that places the script on disk, which leaves the operation ambiguous.
ℹ Install mechanism
No install spec is provided (instruction-only). That lowers supply-chain risk, but it also means the user or agent must create the script manually if they follow the instructions. The SKILL.md includes the script content inline, so correctness depends on whoever writes and installs it; no signed release artifact or package is referenced.
⚠ Credential requirements
The skill requests no environment variables or external credentials, which is consistent with its stated purpose. However, it implicitly requires filesystem write access to /var/log and the ability to read other users' /proc entries to achieve full-system inspection. Those privilege needs are not declared. Collecting cmdline arguments is also disproportionate to a minimal memory-only summary and increases the risk of capturing secrets.
⚠ Persistence and privileges
The skill suggests persistent presence via cron scheduling and by writing persistent snapshot and trend files under /var/log/memory-inspector. Although always:false is set, the instructions create long-lived files and cron entries that require appropriate privileges; the skill does not document the required permissions, log rotation, or access controls for these artifacts.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest v1.0.0 2026/3/13
● Harmless
Install command
Official: npx clawhub@latest install system-memory-inspector
Mirror (accelerated): npx clawhub@latest install system-memory-inspector --registry https://cn.longxiaskill.com