📦 Unified — 统一

v5.2.5

Memory 提供分层、原子化且高性能的内存管理系统，具备结构化召回、向量搜索、智能去重、压缩与生命周期管理等功能。

0· 19·0 当前·0 累计

by @mouxangithub (程序员小刘)·MIT

开发工具代码生成数据与API 数据库网络工具

下载技能包

License

MIT

最后更新

2026/4/20

安全扫描

VirusTotal

无害

查看报告

OpenClaw

可疑

high confidence

The skill appears to implement the described unified-memory system, but there are notable mismatches and risk signals (prompt-injection patterns in SKILL.md, remote install instructions, and server/cloud/plugin code) that merit manual review before installing or running.

评估建议

This package looks like a full-featured memory system and the codebase largely matches its description, but there are several red flags you should address before installing or running it: - Do not run any remote install command (e.g., curl ... | bash) from this project without auditing the script. Prefer installing from a vetted GitHub release or building locally after review. - SKILL.md triggered prompt-injection patterns. Open SKILL.md and search for lines that attempt to override or instruct...

详细分析 ▾

ℹ 用途与能力

Name/description match the included codebase: many storage, vector, server, plugin and cloud integration modules are present and consistent with a memory system. However the registry metadata declares no required env vars/binaries while the code includes web servers, cloud/collab integration and plugin hooks that in practice often require configuration/credentials — this is a proportionality/visibility gap (the skill asks for nothing but contains components that normally need config).

⚠ 指令范围

SKILL.md and README include runtime commands and examples that advise running install/deploy scripts (e.g., './deploy-atomic-fixes.sh', 'npm run deploy', and in docs a 'curl ... | bash' install flow). The pre-scan flagged prompt-injection patterns in SKILL.md (ignore-previous-instructions, system-prompt-override). The instructions reference running local server components and scripts that could start HTTP endpoints, modify disk (fsync/atomic renames), or execute arbitrary scripts — broader scope than a pure read-only documentation skill and worth caution.

⚠ 安装机制

Registry lists no install spec, but repository/docs show and reference remote install scripts (curl raw.githubusercontent.com | bash) and many executable scripts in the package. If users follow those instructions they'd run code fetched from the network. The lack of a declared, auditable install mechanism in the registry plus remote install instructions is a risk.

ℹ 凭证需求

The skill declares no required env vars/primary credential, yet code contains cloud, multi-tenant, and integration modules (collab/cloud, integrations/git_tools, v4 storage gateway) that commonly require credentials and network access. Absence of declared credentials reduces transparency — additional config may be expected at runtime but not surfaced to the registry metadata.

⚠ 持久化与权限

always:false (good). But the package contains server components (REST/MCP/HTTP/WebUI) and a plugin system with hot-reload and lifecycle hooks which, if started, can accept network connections and execute third‑party plugin code. That increases blast radius if the skill is run; the skill does not explicitly document network/port bindings in the registry metadata.

⚠ src/git_notes.js:55

Shell command execution detected (child_process).

⚠ src/index.js:814

Shell command execution detected (child_process).

⚠ src/integrations/git_manager.js:32

Shell command execution detected (child_process).

⚠ src/lessons.js:541

Shell command execution detected (child_process).

⚠ src/qmd_integration.js:41

Shell command execution detected (child_process).

⚠ src/search/qmd_backend.js:26

Shell command execution detected (child_process).

⚠ src/storage_lock.js:34

Shell command execution detected (child_process).

⚠ src/system/sandbox.js:147

Shell command execution detected (child_process).

⚠ src/tools/git_notes.js:36

Shell command execution detected (child_process).

⚠ src/tools/qmd_search.js:77

Shell command execution detected (child_process).

⚠ src/webui/dashboard.js:212

Shell command execution detected (child_process).

⚠ src/agents/agent_memory.js:40