Memory Scan
Author: dgriffin831 · v1.0.0
Total downloads: 1695
Favorites: 1
Current installs: 4
Versions: 1
Install in OpenClaw
/install memory-scan
Description
Scans OpenClaw agent memory files and workspace configs for malicious content, credential leaks, prompt injections, and security threats.
Security usage advice
This package is plausibly a legitimate memory-scanner, but there are important mismatches and operational behaviors to verify before installing:
- Metadata vs reality: The registry declares no env vars, but the scripts/docs require OPENAI_API_KEY or ANTHROPIC_API_KEY for remote scanning and OPENCLAW_ALERT_CHANNEL for scheduling. Ask the author to update metadata or be prepared to provide these values.
- Remote scanning is opt-in (--allow-remote) and the code claims to redact sensitive tokens before sending, but any remote analysis sends content to external LLMs. If you care about leaked secrets or privacy, avoid --allow-remote or review redaction regexes carefully.
- The skill calls the openclaw CLI to read gateway config and to create scheduled jobs. Confirm you trust the openclaw CLI and the exact cron job payload before running schedule-scan.sh.
- Quarantine modifies workspace files (backups in .memory-scan/quarantine and redacts lines). That behavior is documented and opt-in, but you should review backup locations and permissions.
- Review the included code yourself or run the scanner in an isolated/test workspace first (e.g., copy ~/.openclaw/workspace to a safe test directory), especially if you plan to enable scheduling or remote LLM analysis.
If you decide to proceed: run only the local pattern scan first (no --allow-remote), verify the tool's output on test files, confirm the cron job payload, and only install/setup the venv and schedule if you understand and accept the credential and scheduling implications.
Functional analysis
Type: OpenClaw Skill
Name: memory-scan
Version: 1.0.0
The OpenClaw Memory-Scan skill is a security scanner designed to detect malicious content, prompt injection, and credential leakage within an agent's internal memory files. It uses local pattern matching and optionally sends redacted content to legitimate OpenAI/Anthropic API endpoints for deeper LLM analysis. The skill's scripts (e.g., `memory-scan.py`, `quarantine.py`, `schedule-scan.sh`) and documentation (e.g., `SKILL.md`, `README.md`, `docs/detection-prompt.md`) consistently align with its stated security purpose, including safeguards like content redaction and opt-in quarantine with backups. There is no evidence of intentional harmful behavior, unauthorized data exfiltration, malicious execution, or prompt injection attempts against the agent to subvert its core functions.
Capability assessment
Purpose & Capability
The SKILL.md, README, and scripts consistently describe a memory scanner that reads agent memory under ~/.openclaw/workspace and optionally calls remote LLMs for deeper analysis. Those capabilities align with the skill name. However, the registry metadata declares no required environment variables or credentials while the documentation and scripts expect API keys (OPENAI_API_KEY, ANTHROPIC_API_KEY, PROMPTINTEL_API_KEY) and an alert channel (OPENCLAW_ALERT_CHANNEL). This mismatch between declared requirements and actual runtime needs is unexpected.
Instruction Scope
Runtime instructions and scripts read and modify workspace memory files (MEMORY.md, memory/*.md and other config files) and can redact/quarantine content. The scanner will call the OpenClaw CLI (openclaw gateway config.get and openclaw cron add) and may create scheduled jobs. Remote LLM scanning (opt-in via --allow-remote) will send redacted file contents to external APIs. These actions are coherent for a memory scanner, but the instructions give agents broad access to workspace files and rely on external CLI/tools and API keys — confirm you want those accesses and that the redaction is sufficient for your threat model.
Install Mechanism
No external download/install spec is in the registry (instruction-only), and the included helper script sets up a Python venv and pip-installs well-known libraries (openai, anthropic). Nothing is fetched from untrusted URLs or arbitrary servers. This is low-to-moderate install risk; running setup-venv.sh will install networked Python packages.
Credentials
Although the registry lists no required env vars, the code and docs expect: OPENAI_API_KEY or ANTHROPIC_API_KEY for remote LLM analysis, and OPENCLAW_ALERT_CHANNEL (and optionally OPENCLAW_ALERT_TO) for scheduling/alerts. The script also attempts to read gateway config via the openclaw CLI as a fallback to find keys. Requesting LLM API keys and an alert channel is reasonable for the stated functionality, but the metadata omission means the installer may be unaware of credential needs. Require-review: PROMPTINTEL_API_KEY mention for community reporting (molthreats) — optional but should be declared.
Persistence & Privilege
The skill does not set always:true. It can schedule recurring scans via the openclaw cron add command (schedule-scan.sh), which modifies the agent's scheduled jobs; this is expected for a monitoring tool but is a persistent change to agent behavior. Quarantine operations modify workspace files (backups under ~/.openclaw/workspace/.memory-scan/quarantine and redaction), but are opt-in per the docs. Autonomous invocation is allowed by default (disable-model-invocation is false) — normal for skills but worth noting because the skill can be invoked by automation or scheduled hooks.
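How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install memory-scan
- Once installation completes, call the Skill by name or use /memory-scan to trigger it
- Provide the required inputs according to the Skill's parameter description to get structured output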
Version history
v1.0.0
## [1.0.0] - 2026-02-01
### Added
- LLM-powered memory security scanner (`memory-scan.py`)
- Detection of 8 threat categories:
  - Malicious Instructions, Prompt Injection, Credential Leakage, Data Exfiltration
  - Guardrail Bypass, Behavioral Manipulation, Privilege Escalation, Prompt Stealing
- 5-level security scoring: SAFE (90-100), LOW (70-89), MEDIUM (50-69), HIGH (20-49), CRITICAL (0-19)
- Quarantine system with backup and redaction (`quarantine.py`)
- Scheduled scanning via cron job (`schedule-scan.sh`)
- Multiple output formats: human-readable, JSON (`--json`), quiet (`--quiet`)
- Single-file and full-workspace scanning modes
- LLM provider auto-detection (OpenAI / Anthropic)
- Eval framework with test cases (`evals/`)
- Signal alerting integration for MEDIUM+ findings
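FAQ
What is Memory Scan?
Scans OpenClaw agent memory files and workspace configs for malicious content, credential leaks, prompt injections, and security threats. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 1695 cumulative downloads to date.
How do I install Memory Scan?
Run the command "/install memory-scan" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.
Is Memory Scan free?
Yes, Memory Scan is completely free (free and open source) and can be freely downloaded, installed, and used.
Which platforms does Memory Scan support?
Memory Scan is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Memory Scan?
It is developed and maintained by dgriffin831 (@dgriffin831); the current version is v1.0.0.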