OpenClaw Memory Audit
Author: shingo0620 · GitHub · v1.1.2
Total downloads: 1317
Favorites: 0
Current installs: 3
Versions: 4
Install in OpenClaw
/install openclaw-memory-audit
Description
Scan the agent workspace and memory logs for leaked API keys, tokens, or sensitive credentials. Use when the user requests a security check, a memory audit,...
Security usage recommendations
This skill appears to be a simple, local secrets scanner and does not exfiltrate data, but note the following before installing or running it:
- The script only scans files under the workspace path you give it; it does NOT read agent memory stores or in-memory conversation logs even though the SKILL.md mentions 'memory logs'. If you need memory-store scanning, you'll need additional tooling or explicit instructions to the agent to access that store.
- The scanner prints file paths and line numbers for matches (with values masked). Treat the output as sensitive: it reveals where a secret was found even if the secret value is partially redacted.
- The regexes are intentionally broad (e.g., generic 32+/40+ char tokens) and can generate false positives. Review findings manually before revoking credentials.
- Because the tool reads all text files recursively, run it in an environment where the agent is permitted to read the workspace (no unintended mounts). Consider running in a sandbox or with a copy of the workspace if you are concerned about accidental exposure of file metadata.
If you want the skill to actually scan agent memory or a separate logs DB, ask the author to either: (1) document exactly which memory/log store it will access and request only the minimal API/credentials needed, or (2) include code that explicitly reads from that memory store (with clear, auditable behavior).
Functional analysis
Type: OpenClaw Skill
Name: openclaw-memory-audit
Version: 1.1.2
The OpenClaw Memory Audit skill is designed for local, read-only scanning of the agent's workspace and memory logs for leaked API keys and credentials. The `SKILL.md` explicitly states its read-only nature and instructs the agent to run a local Python script (`scripts/scan_secrets.py`) and to recommend a recurring audit schedule using OpenClaw's `cron.list()` function, without modifying any configurations. The `scan_secrets.py` script correctly implements this by scanning files for predefined regex patterns, masking any found secrets before printing them to standard output, and making no network calls or system modifications. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts to subvert the agent's intended behavior.
Capability assessment
Purpose & Capability
Name/description match the code: a Python script walks the workspace and looks for API keys, JWTs, AWS keys, and other long secrets. The only runtime requirement declared (python3) is appropriate for the included script.
Instruction Scope
SKILL.md says the tool scans 'workspace and memory logs' and verifies a recurring audit schedule using cron.list(). The shipped script only walks filesystem files in the provided root directory (workspace) and does not access any agent memory store or memory-log APIs. If you expect it to scan in-memory conversation logs or a separate memory DB, this implementation does not do that. Also the SKILL.md instructs the agent to call cron.list() (an OpenClaw runtime action) which is outside the Python script — that split is fine but is a behavioural mismatch that should be documented clearly.
Install Mechanism
Instruction-only with a small Python script; there is no installer, no external downloads, and no archives being extracted. This is low-risk from an install-mechanism perspective.
Credentials
The skill requests no credentials or environment variables and the script does not read or transmit env vars. There is no indication of unrelated credential access. The patterns the script searches for are broad (may produce false positives) but that is proportional to a secrets scanner.
Persistence & Privilege
The skill does not request permanent/always-included status and does not modify other skills or system configuration. It only runs when invoked.
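How to use
- Make sure OpenClaw is installed (local or Docker deployment).
- Enter the install command in the chat box:
/install openclaw-memory-audit
- Once installation completes, call the Skill by name or use /openclaw-memory-audit to trigger it.
- Provide the required input according to the Skill's parameter description to get structured output.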
Version history
v1.1.2
Address ClawHub scan concerns: fix documented paths; stop excluding skills/ SKILL.md from scanning; keep excludes minimal; clarify output wording.
v1.1.1
Fix ClawHub suspicious flag: declare runtime requirement (python3), remove accidental dist/*.skill artifact, and clarify scope (local scan only; no credentials; cron recommendation only).
v1.1.0
openclaw-memory-audit 1.1.0
- Added automated verification for recurring audit schedules and recommendations if missing.
- Updated instructions to check cron jobs and prompt users to set a weekly security audit if none exists.
- Improved documentation to clarify both secret scanning and schedule audit workflows.
v1.0.0
Initial release — provides automated security scanning for exposed secrets in the agent's workspace and memory logs.
- Scans for leaked API keys, tokens, and sensitive credentials in text files.
- Specifically detects OpenAI keys, Telegram tokens, JWTs, generic secrets, and AWS credentials.
- Excludes known safe files like openclaw.json from scans.
- Offers step-by-step recommendations if secrets are detected.
FAQ
What is OpenClaw Memory Audit?
Scan the agent workspace and memory logs for leaked API keys, tokens, or sensitive credentials. Use when the user requests a security check, a memory audit,... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 1317 cumulative downloads to date.
How do I install OpenClaw Memory Audit?
Run the command "/install openclaw-memory-audit" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.
Is OpenClaw Memory Audit free?
Yes. OpenClaw Memory Audit is completely free (free and open source) and can be freely downloaded, installed and used.
Which platforms does OpenClaw Memory Audit support?
OpenClaw Memory Audit runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed OpenClaw Memory Audit?
It is developed and maintained by shingo0620 (@shingo0620); the current version is v1.1.2.