mia-trust
Author: SII-YUCHENG2002 · GitHub · v1.0.0 · MIT-0
Total downloads: 112
Favorites: 1
Current installs: 0
Versions: 1
Install in OpenClaw:
/install mia-trust
Description
MIA-Trust Pipeline - Memory-Intelligent Assistant trust-gating + memory-evolution pipeline
Safe-use recommendations
Key things to check before installing or running this skill:
- Metadata mismatch: the registry says no env vars/credentials are required, but the code expects API keys and endpoint URLs (MIA_PLANNER_API_KEY, MIA_TRUST_API_KEY, MIA_PLANNER_URL/MIA_TRUST_URL, etc.). Do not assume it runs without credentials; the planner exits if API mode is selected without keys.
- Outbound requests: by default the code will call configurable LLM endpoints (defaults to api.openai.com). Review and if needed override MIA_*_URL to a trusted internal endpoint before sending real data.
- Persistent storage: user queries, plans, evaluation results, and distilled experiences are written to local files (memory.jsonl, trust/trust_experience.json, feedback.jsonl). These files may contain sensitive content — restrict file permissions, or change paths via env vars (MIA_MEMORY_FILE, MIA_TRUST_EXPERIENCE_FILE, MIA_FEEDBACK_FILE) and/or run in an isolated environment.
- Source and provenance: package.json points to a placeholder GitHub URL (https://github.com/yourname/mia-trust). Confirm the package source/repo and review its upstream history before trusting it.
- Least-privilege: provide dedicated API keys with minimal scope, and run the skill in an isolated container or VM if you will process sensitive inputs.
- Review config: examine trust_experience.json and memory files shipped with the package (they may contain example data) and the SKILL.md/Pipeline documentation to understand what will be stored and sent externally.
- If you need guarantees: ask the author for a clear manifest update that lists required env vars/primary credential and the exact network endpoints the skill will contact; otherwise treat the mismatch as a risk. If unsure, run tests with synthetic non-sensitive inputs in a controlled environment first.
Functional analysis
Type: OpenClaw Skill
Name: mia-trust
Version: 1.0.0
The bundle implements a security-oriented 'MIA-Trust Pipeline' designed to detect prompt injections and evaluate agent plans for safety. However, it is classified as suspicious due to a critical shell injection vulnerability in the main entry point, `run.mjs`. This script uses `child_process.execSync` to orchestrate sub-modules and embeds user-provided input (`QUESTION`) directly into shell commands with inadequate sanitization (only escaping double quotes), allowing for potential Remote Code Execution (RCE) via shell metacharacters or command substitution. While the intent appears defensive, the implementation of the runner script poses a significant security risk.
Capability assessment
Purpose & Capability
Name/description (trust + memory pipeline) match the shipped code: planner, guard, memory, and feedback modules are present and consistent with the declared purpose. However, the registry metadata claims no required env vars/credentials while the code clearly expects multiple environment variables (MIA_PLANNER_API_KEY, MIA_TRUST_API_KEY, MIA_PLANNER_URL/MIA_TRUST_URL, model names, MIA_MEMORY_FILE, etc.). This is an incoherence between manifest and implementation.
Instruction Scope
SKILL.md instructs running local node scripts which in turn read and write local files (memory.jsonl, trust_experience.json), call other skill scripts, and make network requests to configurable LLM endpoints (defaults to api.openai.com). The runtime will persist user queries/outputs to local files and send user inputs/plan drafts to external endpoints when mode=api. The SKILL.md examples mention env vars but the registry didn't mark them required; instructions grant the skill discretion to read several env vars and local files beyond what the registry declared.
Install Mechanism
Install is a normal npm package (mia-trust) that declares node-fetch dependency from npm and a postinstall migration script. No opaque downloads, URL shorteners, or arbitrary remote archives are used. Creating a binary mia-trust that runs run.mjs is standard.
Credentials
The manifest declares no required credentials but the code requires (or can use) API keys and URLs for planner and trust LLM calls (MIA_PLANNER_API_KEY, MIA_TRUST_API_KEY, MIA_PLANNER_URL/MIA_TRUST_URL). Those env vars are named like SECRET/API_KEY and will be used to call remote LLM endpoints; this is proportionate to an LLM-based pipeline but the omission from the registry is a red flag. The skill also reads/writes local config/memory files (MIA_MEMORY_FILE, MIA_TRUST_EXPERIENCE_FILE), which may store sensitive user queries and outputs.
Persistence & Privilege
The skill is not always-enabled and doesn't modify other skills. It persistently stores memories, feedback, and trust_experience in local files under the skill directory by default; these records are retained on disk and could contain sensitive content. The agent can invoke the skill autonomously (default), which combined with storage and outbound API calls increases blast radius but is expected for such a pipeline.
How to use
- Make sure OpenClaw is installed (local or Docker deployment).
- Type the install command in the chat box: /install mia-trust
- After installation, call the skill by name directly or trigger it with /mia-trust.
- Provide the required inputs as described in the skill's parameter documentation to get structured output.
Version history
v1.0.0
mia-trust 1.0.0 initial release
- Introduces the MIA-Trust Pipeline for question safety gating and memory evolution.
- Includes step-by-step trust, planning, memory, and feedback modules.
- Provides both one-click and stepwise pipeline execution.
- Supports memory search, storage, listing, and feedback features.
- Comes with configuration and directory structure documentation.
MIA-Trust — The Trust Edition of MIA
MIA-Trust is the trust-focused variant of MIA (Memory-Intelligent Assistant). It keeps the same learning-oriented backbone—memory, planning, and feedback—but wraps the pipeline in explicit safety gates and trust memory, so OpenClaw-style agents can reuse experience without skipping policy or risk checks.
MIA gives you: retrieve similar trajectories → plan with optional history → execute externally → store the best trajectories and collect feedback on novel questions.
MIA-Trust extends that with a fixed high-level flow:
User question → guard_blocked → Planner → evaluate_plan → (execution) → dual memory
guard_blocked — Pre-flight checks on the raw question (including multi-dimensional safety reasoning and experience lookup). Unsafe queries stop before planning.
evaluate_plan — Reviews the draft plan (with iterative refinement and experience distillation). Only safe plans proceed; trust-relevant signals are written into trust_experience.
Dual memory — memory.jsonl holds execution trajectories as in MIA; trust_experience.json holds distilled trust/safety experience aligned with the guard and plan-review steps.
In short: MIA optimizes for remembering and reusing how problems were solved; MIA-Trust is the same skill family with trust gating + trust memory layered on top, for deployments that need MIA’s intelligence with explicit safety and plan vetting.
FAQ
What is mia-trust?
MIA-Trust Pipeline - Memory-Intelligent Assistant trust-gating + memory-evolution pipeline. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 112 downloads to date.
How do I install mia-trust?
Run the command "/install mia-trust" in the OpenClaw or Claude Code chat box for one-click installation, with no extra configuration.
Is mia-trust free?
Yes, mia-trust is completely free under the MIT-0 license; it can be freely downloaded, installed, and used.
Which platforms does mia-trust support?
mia-trust is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who develops mia-trust?
Developed and maintained by SII-YUCHENG2002 (@sii-yucheng2002); the current version is v1.0.0.