S³ Memory Forensics
Author: Solomon Neas · v1.0.0 · MIT-0
Total downloads: 166
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install s3-memory-forensics
Description
Master memory forensics techniques including memory acquisition, process analysis, and artifact extraction using Volatility and related tools. Use when analy...
Safe usage recommendations
This is a coherent memory-forensics playbook; nothing in the skill requests unrelated credentials or installs arbitrary remote code. Before using it, (1) only run the acquisition and kernel-level commands on systems you own or have explicit authorization to examine — they require root/administrator privileges and can disrupt systems; (2) verify downloads (e.g., Volatility symbol tables) come from the official Volatility Foundation site; (3) note the SKILL.md references resources/implementation-playbook.md which is not included — check for missing documentation before relying on the skill; and (4) if you allow the agent to invoke skills autonomously, consider disabling autonomous execution for this skill in sensitive environments because following these instructions could access or expose host memory and secrets.
Functional analysis
Type: OpenClaw Skill
Name: s3-memory-forensics
Version: 1.0.0
The skill bundle is a comprehensive technical reference for memory forensics, covering acquisition, Volatility 3 plugins, and malware analysis workflows. All commands and instructions in SKILL.md are standard forensic practices (e.g., using winpmem, Volatility, and YARA) aligned with the stated purpose, with no evidence of malicious intent, data exfiltration, or prompt injection.
Capability assessment
Purpose & Capability
The name/description (memory forensics with Volatility and related tools) matches the SKILL.md content: acquisition commands (WinPmem, LiME, osxpmem, VM exporters), Volatility usage, and workflows. Tools and commands referenced are appropriate for the stated domain.
Instruction Scope
Instructions tell the operator to run privileged acquisition commands (sudo dd, insmod LiME, WinPmem/DumpIt) and analysis (volatility, strings, yara). This is expected for memory forensics, but the SKILL.md also tells the agent to 'open resources/implementation-playbook.md' which is not present in the package — the agent could attempt to read local files in its environment if followed. Verify the resource reference and be cautious about executing privileged commands.
Install Mechanism
No install spec (instruction-only). The doc recommends installing volatility3 via pip and downloading symbol tables from the Volatility Foundation site — these are standard steps. There are no downloads from unknown personal servers or extract/install steps in the skill bundle itself.
Credentials
The skill declares no required environment variables, credentials, or config paths. Commands reference system devices (/dev/mem, /proc/kcore) and VM files (vm.vmem) which are appropriate for memory acquisition but are sensitive — this is proportional to the forensic purpose.
Persistence & Privilege
The skill is not forced-always and is user-invocable. Model invocation is allowed (default), which is normal. Because the instructions include privileged system actions, consider restricting autonomous invocation in environments where the agent could execute commands or access the host filesystem.
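How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install s3-memory-forensics
- Once installation completes, call the Skill by name or use /s3-memory-forensics to trigger it
- Provide the required inputs according to the Skill's parameter description to get structured output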
Version history
v1.0.0
Initial release of the memory-forensics skill, providing practical guidance on RAM acquisition and forensics analysis.
- Covers memory acquisition techniques across Windows, Linux, macOS, and virtual environments.
- Documents essential Volatility 3 plugins and usage for process, network, DLL, registry, and file system analysis on all major OSes.
- Includes structured workflows for both malware analysis and incident response scenarios.
- Offers references for Windows memory data structures and common detection patterns for code injection and rootkits.
- Provides actionable steps, commands, and best practices for performing memory forensics investigations.
FAQ
What is S³ Memory Forensics?
Master memory forensics techniques including memory acquisition, process analysis, and artifact extraction using Volatility and related tools. Use when analy... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 166 cumulative downloads so far.
How do I install S³ Memory Forensics?
Run the command "/install s3-memory-forensics" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.
Is S³ Memory Forensics free?
Yes, S³ Memory Forensics is completely free, licensed under MIT-0, and can be freely downloaded, installed, and used.
Which platforms does S³ Memory Forensics support?
S³ Memory Forensics is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed S³ Memory Forensics?
It is developed and maintained by Solomon Neas (@solomonneas); the current version is v1.0.0.