by 安全扫描
OpenClaw
可疑
high confidenceThe skill's purpose (encrypted backups) is plausible, but there are multiple incoherences and missing pieces (undeclared required credentials, missing library files, and TypeScript/JS runtime mismatches) that make it unsafe to install without further verification.
评估建议
Do not install or run this skill yet. Before proceeding, ask the publisher for the missing library files (lib/backup-manager.js, lib/membase-client.js, lib/encryption.js) or a clear build/install step. Confirm why the registry metadata lists no required environment variables while the code expects MEMBASE_ACCOUNT, MEMBASE_SECRET_KEY and MEMBASE_BACKUP_PASSWORD. Avoid letting the agent echo or log secrets (the SKILL.md example prints env values). Verify the source of the skill (homepage/source un...详细分析 ▾
⚠ 用途与能力
The README/code expect MEMBASE_ACCOUNT, MEMBASE_SECRET_KEY and MEMBASE_BACKUP_PASSWORD and also read ~/.openclaw/openclaw.json to get config, but the registry metadata declared no required environment variables or config paths. Requiring account/secret keys and reading the agent's config is consistent with a backup service, but the manifest omission is an incoherence that could hide credential needs.
⚠ 指令范围
SKILL.md instructs the agent to check and echo secret env vars (e.g., echo $MEMBASE_BACKUP_PASSWORD) and to cd into skills/membase and run node membase.ts. Echoing secrets risks leaking them into logs; asking the agent to read home config (~/.openclaw/openclaw.json) and workspace is within backup scope but broader than the declared skill surface. The instructions are prescriptive about local file access and revealing env values, which is risky and was not reflected in the declared requirements.
⚠ 安装机制
There is no install spec (instruction-only), but the package includes TypeScript source files. membase.ts imports './commands/backup.js' and other .js modules while the manifest files are .ts. Also the commands import ../lib/*.js (backup-manager, membase-client, encryption) but those lib files are not present in the file manifest. This means the code cannot run as-is and would require fetching or generating additional code or a build step—an ambiguity/risk.
⚠ 凭证需求
The environment variables the skill uses (account, secret key, backup password) are reasonable for a backup tool, but the skill metadata declared none. The SKILL.md explicitly tells the agent to echo these env vars (potentially exposing secrets) and the code will read openclaw.json from the user's home directory. The combination of missing declared requirements and instructions that reveal secrets is disproportionate or at least poorly documented.
ℹ 持久化与权限
The skill does not request always:true and is user-invocable only. It will read user-level config (~/.openclaw/openclaw.json) and the workspace directory to find memory files — behavior that makes sense for a memory backup skill but is somewhat privileged because it accesses potentially sensitive local agent config and files. This is expected functionality but worth noting.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/2/3
The first official Unibase Membase skill: decentralized persistent memory, purpose-built for OpenClaw Bot.
● 可疑
安装命令
点击复制官方npx clawhub@latest install unibase-membase
镜像加速npx clawhub@latest install unibase-membase --registry https://cn.longxiaskill.com